Generative Unbinding of Names

This paper is concerned with the form of typed name binding used by the FreshML family of languages. Its characteristic feature is that a name binding is represented by an abstract (name,value)-pair that may only be deconstructed via the generation o…

Authors: Andrew M. Pitts, Mark R. Shinwell

Logical Methods in Computer Science, Vol. 4 (1:4) 2008, pp. 1–33. www.lmcs-online.org. Submitted Apr. 19, 2007; published Mar. 18, 2008.

GENERATIVE UNBINDING OF NAMES *

Andrew M. Pitts (a) and Mark R. Shinwell (b)

(a) University of Cambridge Computer Laboratory, Cambridge CB3 0FD, UK. E-mail: Andrew.Pitts@cl.cam.ac.uk
(b) CodeSourcery, Ltd. E-mail: mark@three-tuns.net

Abstract. This paper is concerned with the form of typed name binding used by the FreshML family of languages. Its characteristic feature is that a name binding is represented by an abstract (name,value)-pair that may only be deconstructed via the generation of fresh bound names. The paper proves a new result about what operations on names can co-exist with this construct. In FreshML the only observation one can make of names is to test whether or not they are equal. This restricted amount of observation was thought necessary to ensure that there is no observable difference between alpha-equivalent name binders. Yet from an algorithmic point of view it would be desirable to allow other operations and relations on names, such as a total ordering. This paper shows that, contrary to expectations, one may add not just ordering, but almost any relation or numerical function on names without disturbing the fundamental correctness result about this form of typed name binding (that object-level alpha-equivalence precisely corresponds to contextual equivalence at the programming meta-level), so long as one takes the state of dynamically created names into account.

1998 ACM Subject Classification: D.3.1, D.3.3, F.3.2.
Key words and phrases: Abstract syntax, binders, alpha-conversion, meta-programming.
* This paper is a revised and expanded version of [PS07].
(a) Research supported by UK EPSRC grant EP/D000459/1.
DOI: 10.2168/LMCS-4(1:4)2008. © A.M. Pitts and M.R. Shinwell. Creative Commons.

1. Introduction

FreshML and the language systems that it has inspired provide some user-friendly facilities within the context of strongly typed functional programming for computing with syntactical data structures involving names and name binding. The underlying theory was presented in [PG00, SPG03] and has been realised in the Fresh patch of Objective Caml [Shi05b]. FreshML has also inspired Pottier's Cαml tool [Pot05] for Objective Caml and Cheney's FreshLib library [Che05] for Haskell. The approach taken to binding in all these works is "nominal" in that the user is given access to the names of bound entities and can write syntax-manipulating programs that follow the informal practice of referring to α-equivalence classes of terms via representatives. However, in FreshML the means of access to bound names is carefully controlled by the type system. It has been shown [Shi05a, SP05b] that its static and dynamic properties combine to guarantee a certain "correctness of representation" property: data structures representing α-equivalent syntactical terms (that is, ones differing only in the names of bound entities) always behave the same in any program. So even though programs can name names, as it were, α-equivalence of name bindings is taken care of automatically by the programming language design. Of course such a correctness of representation property depends rather delicately upon which operations on bound names are allowed.

At the heart of this approach to binding is an operation that we call generative unbinding.

Figure 1: A signature for name binding.
  type atm
  type α bnd
  val fresh  : unit → atm
  val bind   : atm * α → α bnd
  val unbind : α bnd → atm * α
  val (=)    : atm → atm → bool
To explain what it involves, consider a simplified version of Fresh Objective Caml with a single type atm of bindable names and a parametric family of types α bnd classifying abstractions of single names over values of type α. To explain: both atm and α bnd are abstract types that come with the signature of operations shown in Figure 1. The closed values of type atm are drawn from a countably infinite set A of symbols that we call atoms. Programs only get access to atoms by evaluating the expression fresh() to get a fresh one; and hence program execution depends upon a state recording the atoms that have been created so far. Given a type τ, closed values of type τ bnd are called atom bindings and are given by pairs «a»v consisting of an atom a : atm and a closed value v : τ. Atom bindings are constructed by evaluating bind(a, v). Fresh Objective Caml provides a very convenient form of generative pattern-matching for deconstructing atom bindings. To keep things simple, here we will avoid the use of pattern-matching and consider an equivalent mechanism for deconstructing atom bindings via an unbind function carrying out generative unbinding: unbind «a»v evaluates by first evaluating fresh() to obtain a fresh atom a′ and then returning the pair (a′, v{a′/a}), where in general v{a′/a} denotes the value obtained from v by renaming all occurrences of a to be a′. The instance of renaming that arises when evaluating unbind «a»v is special: the fresh atom a′ does not occur in v and so v{a′/a} is equivalent to the result of applying to v the semantically better behaved operation of swapping a and a′. Although implementing such an atom swapping operation on all types of values is the main extension that the Fresh patch makes to Objective Caml, we have not included a swap : atm → atm → α → α operation in the signature of Figure 1. This is because it is possible for users to define atom swapping themselves for specific types on a case-by-case basis. Although this approach has some limitations, it is enough for our purposes here. (The approach is more useful in the presence of Haskell-style type classes; see [Che05].)

The type α bnd is used in data type declarations in the argument type of value constructors representing binders. To take a familiar example, the terms of the untyped λ-calculus (all terms, whether open or closed, with variables given by atoms a ∈ A)

  t ::= a | λa.t | t t

can be represented by closed values of the type term given by the declaration

  type term = V of atm | L of term bnd | A of term * term.   (1.1)

The value ⌜t⌝ : term representing a λ-term t is defined by

  ⌜a⌝ ≜ V a,   ⌜λa.t⌝ ≜ L «a»⌜t⌝,   ⌜t1 t2⌝ ≜ A(⌜t1⌝, ⌜t2⌝)   (1.2)

and satisfies:

Correctness of Representation: two λ-terms are α-equivalent, t1 =α t2, iff ⌜t1⌝ and ⌜t2⌝ are contextually equivalent closed values of type term, i.e. can be used interchangeably in any well-typed Fresh Objective Caml program without affecting the observable results of program execution.

Since it is also the case that every closed value of type term is of the form ⌜t⌝ for some λ-term t, it follows that there is a bijection between α-equivalence classes of λ-terms and contextual equivalence classes of closed values of type term. The Correctness of Representation property is not easy to prove because of the nature of contextual equivalence, with its quantification over all possible program contexts. It was established in [Shi05a, SP05b] using denotational methods that take permutations of atoms into account.
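To make the signature of Figure 1 and the representation (1.2) concrete, here is an added example in Python; it is not code from the paper or from Fresh Objective Caml, and the names Atom, State, Bnd, rename, to_debruijn, alpha_eq and demo are this example's own. It models atoms, the state of atoms created so far, bind, and unbind as the generative unbinding (a′, v{a′/a}) described above, together with the term type of (1.1). The observer to_debruijn is written using only the operations of the signature, so it returns the same result for the α-equivalent representations of λa.a and λb.b while distinguishing λa.c. The last part of demo replays the capture example the paper discusses in Remark 2.1 of Section 2: applying fun(f x = «a»x) and fun(f x = «a′»x) to a yields «a»a and «a′»a, and unbinding these and comparing the components with eq gives 0 and 1 respectively.

```python
"""Added example (not the paper's own code): a Python model of the Figure 1
signature with an explicit state of created atoms, and the lambda-term
representation of (1.1)/(1.2).  All names here are this example's own."""
from dataclasses import dataclass
from typing import Union


class Atom:
    """A bindable name from the set A.  Programs compare atoms only by identity."""
    __slots__ = ("tag",)

    def __init__(self, tag: int) -> None:
        self.tag = tag            # used only for printing, never by programs

    def __repr__(self) -> str:
        return f"a{self.tag}"


class State:
    """The finite list of distinct atoms created so far."""

    def __init__(self) -> None:
        self.atoms: list = []

    def fresh(self) -> Atom:
        """fresh(): allocate an atom not yet in the state and append it."""
        a = Atom(len(self.atoms))
        self.atoms.append(a)
        return a


# Closed values of the type  term = V of atm | L of term bnd | A of term * term.
@dataclass(frozen=True)
class V:
    atom: Atom


@dataclass(frozen=True)
class Bnd:
    """An atom binding «a»v; programs take it apart only through unbind."""
    atom: Atom
    body: "Term"


@dataclass(frozen=True)
class L:
    bnd: Bnd


@dataclass(frozen=True)
class A:
    fun: "Term"
    arg: "Term"


Term = Union[V, L, A]


def bind(a: Atom, v: Term) -> Bnd:
    return Bnd(a, v)


def rename(v: Term, old: Atom, new: Atom) -> Term:
    """v{new/old}: replace every occurrence of old by new, binding positions
    included.  When new is fresh for v this coincides with swapping old and new."""
    if isinstance(v, V):
        return V(new) if v.atom is old else v
    if isinstance(v, L):
        b = v.bnd
        return L(Bnd(new if b.atom is old else b.atom, rename(b.body, old, new)))
    return A(rename(v.fun, old, new), rename(v.arg, old, new))


def unbind(st: State, b: Bnd) -> tuple:
    """Generative unbinding: a fresh atom a' together with v{a'/a}."""
    a_new = st.fresh()
    return a_new, rename(b.body, b.atom, a_new)


def eq(a: Atom, b: Atom) -> int:
    """Atom equality as a numerical observation: 0 when equal, 1 otherwise."""
    return 0 if a is b else 1


def to_debruijn(st: State, t: Term, env: tuple = ()) -> object:
    """An observer that only uses the signature: bound atoms become de Bruijn
    indices, free atoms stay as atoms, so alpha-equivalent terms give equal results."""
    if isinstance(t, V):
        for i, a in enumerate(reversed(env)):
            if a is t.atom:
                return ("ix", i)
        return ("free", t.atom)
    if isinstance(t, L):
        a, body = unbind(st, t.bnd)
        return ("lam", to_debruijn(st, body, env + (a,)))
    return ("app", to_debruijn(st, t.fun, env), to_debruijn(st, t.arg, env))


def alpha_eq(st: State, t1: Term, t2: Term) -> bool:
    return to_debruijn(st, t1) == to_debruijn(st, t2)


def demo() -> dict:
    st = State()
    a, b, c = st.fresh(), st.fresh(), st.fresh()
    ident_a = L(bind(a, V(a)))        # representation of  λa.a
    ident_b = L(bind(b, V(b)))        # representation of  λb.b, alpha-equivalent
    const_c = L(bind(a, V(c)))        # representation of  λa.c, not alpha-equivalent
    same = alpha_eq(st, ident_a, ident_b)
    different = not alpha_eq(st, ident_a, const_c)
    # Remark 2.1: «a»x with x = a captures a; «a'»x with x = a does not.
    capt, nocapt = bind(a, V(a)), bind(b, V(a))
    x1, x2 = unbind(st, capt)
    y1, y2 = unbind(st, nocapt)
    return {"same": same, "different": different,
            "eq_capture": eq(x1, x2.atom), "eq_nocapture": eq(y1, y2.atom),
            "atoms_created": len(st.atoms)}
```

Every call to unbind extends the state, which is why demo also reports the number of atoms created: no two unbindings ever return the same bound atom, and that is what makes to_debruijn independent of which atoms the terms were built from.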
The denotational methods of [Shi05a, SP05b] can also be used to generalise from the example of λ-terms to terms over any nominal signature in the sense of [UPG04].

Contribution of this paper. For the signature in Figure 1, the only operation on atoms apart from bind is a test for equality: a = a′ evaluates to true if a and a′ are the same atom and to false otherwise. Adding extra operations and relations for atoms may well change which program phrases are contextually equivalent. Is it possible to have some relations or operations on atoms in addition to equality without invalidating the above Correctness of Representation property? For example it would be very useful to have a linear order (<) : atm → atm → bool, so that values of type atm could be used as keys in efficient data structures for finite maps and the like. We show that this is possible, and more. This is a rather unexpected result, for the following reason. The proof of the Correctness of Representation property given in [Shi05a, SP05b] relies upon equivariant properties of the semantics, in other words ones whose truth is invariant under permuting atoms. Atom equality is equivariant: since a permutation is in particular bijective, it preserves and reflects the value of a = a′. At first it seems that a linear order on atoms cannot be equivariant, since if a < a′ is true, then applying the permutation swapping a and a′ we get a′ < a, which is false. However, equivariance is a global property: when considering invariance of the truth of a property under permutations, it is crucial to take into account all the parameters upon which the property depends. Here there is a hidden parameter: the current state of dynamically created atoms. So we should permute the atoms in this state as well as the arguments of the relation. We shall see that it is perfectly possible to have a state-dependent equivariant ordering for the type atm without invalidating the Correctness of Representation property. Indeed we prove that one can add any n-ary function from atm to numbers (or to booleans, for that matter) whose semantics is reasonable (we explain what is reasonable in Section 3), without invalidating the Correctness of Representation property for any nominal signature.

We have to work quite hard to get this result, which generalises the one announced in [SPG03] (with a flawed proof sketch) and finally proved in [SP05b, Shi05a]; but whereas those works use denotational techniques, here we use an arguably more direct approach based on the operational semantics of the language. We obtain the correctness result (Theorem 5.3) as a corollary of a more general result (Propositions 5.7 and 5.10) showing that, up to contextual equivalence, the type τ bnd behaves like the atom-abstraction construct of [GP01, Sect. 5]. Along the way to these results we prove a Mason–Talcott-style "CIU" [MT91] characterisation of contextual equivalence for our language (Theorem 4.4). This is proved using Howe's method [How96] applied to a formulation of the operational semantics with Felleisen-style evaluation contexts [FH92], via an abstract machine with frame stacks [Pit02]. The proof technique underlying our work is rule-based induction, but with the novel twist that we exploit semantic properties of freshness of names that are based on the use of name permutations and that were introduced in [GP01] and developed in [Pit03, UN05, Pit06].

2. Generative Unbinding

We use a version of FreshML that provides the signature in Figure 1 in the presence of higher-order recursively defined functions on user-declared data structures.
Its syntax is given in Figure 2.

Variable binding. The syntax of expressions and frame stacks in Figure 2 involves some variable-binding constructs. Specifically:
• free occurrences of f and x in e are bound in fun(f x = e);
• free occurrences of x in e are bound in let x = e′ in e;
• for i = 1..n, free occurrences of xi in ei are bound in match v with (C1 x1 → e1 | ··· | Cn xn → en);
• free occurrences of x in e are bound in S ∘ (x.e).
As usual, we identify expressions and frame stacks up to renaming of bound variables. We write fv(e) for the finite set of free variables of an expression e (and similarly for frame stacks); and we write

  e[v, .../x, ...]   (2.1)

for the simultaneous, capture-avoiding substitution of values v, ... for all free occurrences of the corresponding variables x, ... in the expression e (well-defined up to α-equivalence of bound variables).

Reduced form. The expressions in Figure 2 are given in a "reduced" form (also called "A-normal" form [FSDF93]), in which the order of evaluation is made explicit through let-expressions. This is not essential: the use of reduced form makes the development of properties of the language's dynamics more succinct and that is mostly what we are concerned with here. However, when giving example expressions it is convenient to use the "unreduced" forms given in Figure 3.
Figure 2: Language syntax.

  Variables      f, x ∈ V     countably infinite set (fixed)
  Atoms          a ∈ A        countably infinite set (fixed)
  Data types     δ ∈ D        finite set (variable)
  Constructors   C ∈ C        finite set (variable)
  Observations   obs ∈ O      finite set (variable)

  Values  v ∈ Val ::= x                     variable
                    | ()                    unit
                    | (v, v)                pair
                    | fun(f x = e)          recursive function
                    | C v                   data construction
                    | a                     atom
                    | «v»v                  atom binding

  Expressions  e ∈ Exp ::= v                       value
                         | let x = e in e          sequencing
                         | fst v                   first projection
                         | snd v                   second projection
                         | v v                     function application
                         | match v with (C x → e | ···)   data deconstruction
                         | fresh()                 fresh atom
                         | unbind v                generative unbinding
                         | obs v ··· v             atom observation

  Frame stacks  S ∈ Stk ::= Id                     empty
                          | S ∘ (x.e)              non-empty

  States  ā ∈ State ≜ finite lists of distinct atoms
  Machine configurations  ⟨ā, S, e⟩

  Types  τ ∈ Typ ::= unit | τ * τ | τ → τ | δ | atm | τ bnd
         (unit, pairs, functions, data type, atoms, atom bindings)

  Typing environments  Γ ∈ V ⇀fin Typ
  Typing judgements    Γ ⊢ e : τ (expressions and values),  Γ ⊢ S : τ → τ′ (frame stacks)

  Initial basis:  natural numbers nat ∈ D;  zero (Zero : unit → nat) ∈ C;  successor (Succ : nat → nat) ∈ C;  atom equality eq ∈ O (arity = 2)

Figure 3: Some "unreduced" forms of expression.

  (e, e′)              ≜ let x = e in let x′ = e′ in (x, x′)        (x ∉ fv(e′), x′ ≠ x)
  λx. e                ≜ fun(f x = e)                               (f ∉ fv(e), f ≠ x)
  k e                  ≜ let x = e in k x                           (k = C, fst, snd)
  «e»e′                ≜ let x = e in let x′ = e′ in «x»x′          (x ∉ fv(e′), x′ ≠ x)
  e e′                 ≜ let x = e in let x′ = e′ in x x′           (x ∉ fv(e′), x′ ≠ x)
  match e with (···)   ≜ let x = e in match x with (···)            (x ∉ fv(···))
  if e then e′ else e″ ≜ match e with (Zero() → e′ | Succ x → e″)   (x ∉ fv(e″))
  fresh x in e         ≜ let x = fresh() in e
  let «x1»x2 = e in e′ ≜ let x = e in let x′ = unbind x in let x1 = fst x′ in let x2 = snd x′ in e′
                                                                    (x, x′ ∉ fv(e′), x′ ≠ x, x1 ≠ x2)
  obs e1 ··· en        ≜ let x1 = e1 in ··· let xn = en in obs x1 ··· xn
                                                                    (x1, ..., xn ∉ fv(e1, ..., en), x1, ..., xn distinct)

Remark 2.1 (Object-level binding). As well as variables (standing for unknown values), the language's expressions and frame stacks may contain atoms drawn from a fixed, countably infinite set A. As discussed in the introduction, atoms are used to represent names in the object-level languages that are being represented as data in this programming meta-language. In particular a value of the form «a»v is used to represent the object-level binding of a name a in the value v. However, note that there are no atom-binding constructs at the programming meta-level. The reader (especially one used to using lambda-abstraction to represent all forms of statically-scoped binding) may well ask why? Why can we not factor out by «»-bound atoms and thereby trivialise (one half of) the Correctness of Representation result referred to in the Introduction? The reason is that it does not make semantic sense to try to regard «a»(−) as a form of meta-level binding and identify all expressions up to an α-equivalence involving renaming «»-bound atoms. For example, if a and a′ are two different atoms, such an α-equivalence would identify fun(f x = «a»x) with fun(f x = «a′»x). However, these are two semantically different values: they are not contextually equivalent in the sense discussed in Section 4. For example, the operational semantics described below gives observably different results (0 and 1 respectively) when we place the two expressions in the context

  let «x1»x2 = [−] a in eq x1 x2

(where eq ∈ O is the observation for atom-equality that we always assume is present; see Section 3). The reason for this behaviour is that variables in FreshML-like languages stand for unknown values that may well involve atoms free at the object level. We may get capture of such atoms within the scope of an atom-binding «a»(−) during evaluation. In the example, we replaced the hole in [−] a with fun(f x = «a»x) and fun(f x = «a′»x) respectively, yielding expressions that evaluate to «a»a and «a′»a, the first involving capture and the second not; and such capturing substitution does not respect naive α-equivalence. So the relation of contextual equivalence that we define in Section 4 does not contain this naive α-equivalence that identifies all (open or closed) expressions up to renaming of «»-bound atoms.¹ However, we will show (Theorem 5.3) that when we restrict to closed expressions representing object-level languages, then contextual equivalence does contain (indeed, coincides with) this form of α-equivalence: this is the correctness of representation result referred to in the Introduction.

¹ Since the problematic possibly-capturing substitution is part of the dynamics of FreshML, there remains the possibility that the end results in the dynamics of expression evaluation can be made more abstract by identifying them up to renaming bound atoms: see Remark 2.5. There are also less naive versions of object-level α-equivalence that respect possibly-capturing substitution, such as the one developed in [UPG04] involving hypothetical judgements about freshness of atoms for variables; contextual equivalence and "contextual freshness" should form a model of this notion, but we do not pursue this here.

Figure 4: Typing relation.

  Γ(x) = τ  ⟹  Γ ⊢ x : τ
  Γ ⊢ () : unit
  Γ ⊢ v1 : τ1,  Γ ⊢ v2 : τ2  ⟹  Γ ⊢ (v1, v2) : τ1 * τ2
  Γ, f : τ → τ′, x : τ ⊢ e : τ′  ⟹  Γ ⊢ fun(f x = e) : τ → τ′
  C : τ → δ,  Γ ⊢ v : τ  ⟹  Γ ⊢ C v : δ
  a ∈ A  ⟹  Γ ⊢ a : atm
  Γ ⊢ v1 : atm,  Γ ⊢ v2 : τ  ⟹  Γ ⊢ «v1»v2 : τ bnd
  Γ ⊢ e : τ,  Γ, x : τ ⊢ e′ : τ′  ⟹  Γ ⊢ let x = e in e′ : τ′
  Γ ⊢ v : τ1 * τ2  ⟹  Γ ⊢ fst v : τ1
  Γ ⊢ v : τ1 * τ2  ⟹  Γ ⊢ snd v : τ2
  Γ ⊢ v1 : τ → τ′,  Γ ⊢ v2 : τ  ⟹  Γ ⊢ v1 v2 : τ′
  δ = C1 of τ1 | ··· | Cn of τn,  Γ ⊢ v : δ,  Γ, x1 : τ1 ⊢ e1 : τ, ..., Γ, xn : τn ⊢ en : τ
      ⟹  Γ ⊢ match v with (C1 x1 → e1 | ··· | Cn xn → en) : τ
  Γ ⊢ fresh() : atm
  Γ ⊢ v : τ bnd  ⟹  Γ ⊢ unbind v : atm * τ
  arity(obs) = k,  Γ ⊢ v1 : atm, ..., Γ ⊢ vk : atm  ⟹  Γ ⊢ obs v1 ... vk : nat
  Γ ⊢ Id : τ → τ
  Γ, x : τ ⊢ e : τ′,  Γ ⊢ S : τ′ → τ″  ⟹  Γ ⊢ S ∘ (x.e) : τ → τ″

Notation:
• Γ, x : τ indicates the typing environment obtained by extending the finite partial function Γ by mapping a variable x to the type τ (we always assume that x ∉ dom(Γ)).
• In the typing rule for match-expressions, the hypothesis "δ = C1 of τ1 | ··· | Cn of τn" refers to the top-level data type declaration (2.2); in other words, the only constructors whose result type is δ are C1, ..., Cn and τi is the argument type of Ci (for i = 1..n).

Data types and observations. The language defined in Figure 2 is parameterised by the choice of a finite set O of function symbols that we call observations on atoms and whose role is discussed in Section 3, by a finite set D of data type symbols, and by a finite set C of constructor symbols. Each constructor C ∈ C is assumed to come with a type, C : τ → δ, where τ ∈ Typ and δ ∈ D. The choice of D, C and this typing information constitutes an ML-style top-level declaration of some (possibly mutually recursive) data types:

  type δ1 = C1,1 of τ1,1 | ··· | C1,n1 of τ1,n1
  ...
  and  δm = Cm,1 of τm,1 | ··· | Cm,nm of τm,nm.   (2.2)

Here δi (for i = 1..m) are the distinct elements of the set D of data type symbols and Ci,j (for i = 1..m and j = 1..ni) are the distinct elements of the set C of constructor symbols. The above declaration just records the typing information C : τ → δ that comes with each constructor, grouped by result types: δi appears as the result type of precisely the constructors Ci,1, ..., Ci,ni and their argument types are τi,1, ..., τi,ni. For the moment we place no restriction on these types τi,j: they can be any element of the set Typ whose grammar is given in Figure 2. However, when we consider representation of object-level languages up to α-equivalence in Section 5, we will restrict attention to top-level data type declarations where the types τi,j do not involve function types.

We consider observations on atoms that return natural numbers. (The effect of admitting some other types of operation on atoms is discussed in Section 6.2.) So we assume D always contains a distinguished data type nat for the type of natural numbers and that correspondingly C contains constructors Zero : unit → nat and Succ : nat → nat for zero and successor. Each obs ∈ O denotes a numerical function on atoms. We assume it comes with an arity, specifying the number of arguments it takes: so if arity(obs) = k and (v1, ..., vk) is a k-tuple of values of type atm, then obs v1 ... vk is an expression of type nat. The typing of the language's values, expressions and frame stacks takes place in the presence of typing environments, Γ, each assigning types to finitely many variables. The rules in Figure 4 for the inductively defined typing relation are entirely standard, given that we are following the signature in Figure 1. As well as an arity, we assume that each obs ∈ O comes with a specified interpretation: the form this takes is discussed in Section 3.

Example 2.2 (Swapping atoms). Examples of programming in FreshML using its characteristic feature of generatively unbinding atom-binding values may be found in [SPG03, SP05a]. Another feature of FreshML, the operation of swapping atoms, has been left out of the grammar in Figure 2. However, as we mentioned in the introduction, there is a type-directed definition of swapping, swapτ : atm → atm → τ → τ, for this language. For example, when τ is the type atm of atoms we can make use of the observation eq ∈ O for atom-equality that we always assume is present (see Section 3) together with the abbreviations in Figure 3 and define

  swapatm ≜ λx.λy.λz. if eq z x then y else if eq z y then x else z.   (2.3)

At unit, product, function and atom-binding types we can make use of standard definitions of permutation action for these types of data (see [Pit06, Section 3], for example):

  swapunit      ≜ λx.λy.λz. z   (2.4)
  swapτ1*τ2     ≜ λx.λy.λz. (swapτ1 x y (fst z), swapτ2 x y (snd z))   (2.5)
  swapτ1→τ2     ≜ λx.λy.λz.λx1. swapτ2 x y (z (swapτ1 x y x1))   (2.6)
  swapτ bnd     ≜ λx.λy.λz. let «z1»z2 = z in «swapatm x y z1»(swapτ x y z2).   (2.7)

At data types we have to make recursive definitions corresponding to the inductive nature of the data types. For example, if we assume that in addition to the data type nat for natural numbers we just have a data type term as in (1.1), then we can define

  swapnat  ≜ λx.λy. fun(f z = match z with (Zero() → Zero() | Succ z1 → Succ(f z1)))   (2.8)
  swapterm ≜ λx.λy. fun(f z = match z with
                 ( V z1 → V(swapatm x y z1)
                 | L z1 → let «z2»z3 = z1 in L(«swapatm x y z2»(f z3))
                 | A z1 → A(f (fst z1), f (snd z1)) )).   (2.9)

(The fact that values of type nat do not involve atoms means that the above systematic definition of swapnat is in fact contextually equivalent to λx.λy.λz. z.)

Figure 5: Transition relation ⟨ā, S, e⟩ → ⟨ā′, S′, e′⟩.

  (1) ⟨ā, S ∘ (x.e), v⟩                         → ⟨ā, S, e[v/x]⟩
  (2) ⟨ā, S, let x = e1 in e2⟩                   → ⟨ā, S ∘ (x.e2), e1⟩
  (3) ⟨ā, S, match C v with (··· | C x → e | ···)⟩ → ⟨ā, S, e[v/x]⟩
  (4) ⟨ā, S, fst(v1, v2)⟩                        → ⟨ā, S, v1⟩
  (5) ⟨ā, S, snd(v1, v2)⟩                        → ⟨ā, S, v2⟩
  (6) ⟨ā, S, v1 v2⟩                              → ⟨ā, S, e[v1, v2/f, x]⟩      if v1 = fun(f x = e)
  (7) ⟨ā, S, fresh()⟩                            → ⟨ā < a′, S, a′⟩             if a′ ∉ atom(ā)
  (8) ⟨ā, S, unbind «a»v⟩                        → ⟨ā < a′, S, (a′, v{a′/a})⟩  if a′ ∉ atom(ā)
  (9) ⟨ā, S, obs a1 ... ak⟩                      → ⟨ā, S, ⌜m⌝⟩                if arity(obs) = k, (a1, ..., ak) ∈ atom(ā)^k and ⟦obs⟧ā(a1, ..., ak) = m

Notation:
• v{a′/a} is the result of replacing all occurrences of an atom a by an atom a′ in the value v;
• atom(_) is the finite set of all atoms occurring in _;
• ā < a′ is the state obtained by appending an atom a′ not in atom(ā) to the right of the finite list of distinct atoms ā;
• ⌜m⌝ is the closed value of type nat corresponding to m ∈ ℕ: ⌜0⌝ ≜ Zero() and ⌜m+1⌝ ≜ Succ ⌜m⌝;
• ⟦obs⟧ is the meaning of obs: see Section 3.

Operational semantics. The abstract machine that we use to define the language's dynamics has configurations of the form ⟨ā, S, e⟩. Here e is the expression to be evaluated, S is a stack of evaluation frames and ā is a finite list of distinct atoms that have been allocated so far. Figure 5 defines the transition relation between configurations that we use to give the language's operational semantics. The first six types of transition are all quite standard. Transition 7 defines the dynamic allocation of a fresh atom and transition 8 defines generative unbinding using a freshly created atom; we discuss transition 9 for observations on atoms in the next section. For the atom a′ in 7 to really be fresh, we need to know that it does not occur in S; similarly, in 8 we need to know that a′ does not occur in (S, a, v). These requirements are met if configurations ⟨ā, S, e⟩ satisfy that all the atoms occurring in the frame stack S or the expression e occur in the list ā. Using the notation atom(−) mentioned in Figure 5, we write this condition as

  atom(S, e) ⊆ atom(ā).   (2.10)

Theorem 2.4 shows that this property of configurations is invariant under transitions, as is well-typedness. Before stating this theorem we introduce some useful terminology.

Definition 2.3 (Worlds). A (possible) world w is just a finite subset of the fixed set A of atoms. We write World for the set of all worlds. In what follows we will index various relations associated with the language we are considering by worlds w ∈ World that make explicit the atoms involved in the relation.
Sometimes (as in the following theorem) this is merely a matter of notational convenience; world-indexing will be more crucial when we consider program equivalence: see Remark 4.7 below.

Theorem 2.4 (Type Safety). Write ⊢w ⟨ā, S, e⟩ : τ to mean that atom(S, e) ⊆ atom(ā) = w and that there is some type τ′ with ∅ ⊢ S : τ′ → τ and ∅ ⊢ e : τ′. The type system has the following properties.

Preservation: if ⊢w ⟨ā, S, e⟩ : τ and ⟨ā, S, e⟩ → ⟨ā′, S′, e′⟩, with atom(ā′) = w′ say, then w ⊆ w′ and ⊢w′ ⟨ā′, S′, e′⟩ : τ.

Progress: if ⊢w ⟨ā, S, e⟩ : τ, then either S = Id and e ∈ Val, or ⟨ā, S, e⟩ → ⟨ā′, S′, e′⟩ holds for some ā′, S′ and e′.

Proof. The proof of these properties is routine and is omitted.

Remark 2.5 (Alternative operational semantics). It is worth remarking that there are alternative approaches to representing object-level binding of a name a in a value v in FreshML-like languages. In the original paper on FreshML [PG00], the authors make a distinction between non-canonical expressions a.v for atom-binding and the "semantic values" abs(a, val) to which they evaluate. That paper gives an operational semantics in the style of the Definition of Standard ML [MTHM97] in which programming language expressions are separate from semantic values. It is possible to identify such semantic values up to α-equivalence of abs(a, −)-bound atoms without the kind of inconsistency illustrated in Remark 2.1. (Such semantic values in which abs(a, −) is a binder are used by Pottier [Pot07], albeit for first-order values.) However, this does not help to simplify the type of Correctness of Representation result in which we are interested here, because programs are written using expressions, not semantic values. For example, identifying semantic values in this way, abs(a, a) and abs(a′, a′) are identical and hence trivially contextually equivalent; however the expressions a.a and a′.a′ (that here we write as «a»a and «a′»a′) are not equal and there is something to be done to prove that they are contextually equivalent. In the operational semantics of [PG00] these expressions evaluate to the same semantic value up to α-equivalence; so one would need to prove that contextual equivalence for that language contains "Kleene equivalence", for example by proving a "CIU" theorem like our Theorem 4.4 below. So it is probably possible to develop the results of this paper using this slightly more abstract style of operational semantics with semantic values identified up to α-equivalence of bound atoms. However our experience is that the style of operational semantics we use here, in which semantic values are identified with certain canonical expressions (but necessarily not identified up to α-equivalence of bound atoms, for the reasons discussed in Remark 2.1), leads to a simpler technical development overall.

Figure 6: Termination relations ⟨ā, S, e⟩↓n and ⟨ā, S, e⟩↓.

  ⟨ā, Id, v⟩↓0
  ⟨ā, S, e⟩ → ⟨ā′, S′, e′⟩,  ⟨ā′, S′, e′⟩↓n  ⟹  ⟨ā, S, e⟩↓n+1
  ⟨ā, S, e⟩↓n  ⟹  ⟨ā, S, e⟩↓

3. Observations on Atoms

The language we are considering is parameterised by a choice of a finite set O of numerical functions on atoms. We assume that each obs ∈ O comes with a specified meaning ⟦obs⟧. As mentioned in the introduction, we should allow these meanings to be dependent on the current state (the list of distinct atoms that have been created so far).
So if $\mathrm{arity}(obs) = k$, for each $\vec a \in \mathrm{State}$ we assume given a function $[\![obs]\!]_{\vec a} : \mathrm{atom}(\vec a)^k \to \mathbb{N}$ mapping $k$-tuples of atoms occurring in the state $\vec a$ to natural numbers. These functions are used in the transitions of type 9 in Figure 5. Not every such family $([\![obs]\!]_{\vec a} \mid \vec a \in \mathrm{State})$ of functions is acceptable as an observation on atoms: we require that the family be equivariant. To explain what this means we need the following definition.

Definition 3.1 (Permutations). A finite permutation of atoms is a bijection $\pi$ from the set $A$ of atoms onto itself such that $\mathrm{supp}(\pi) \triangleq \{ a \in A \mid \pi(a) \neq a \}$ is a finite set. We write $P$ for the set of all such permutations. If $\pi \in P$ and $\vec a \in \mathrm{State}$, then $\pi \cdot \vec a$ denotes the finite list of distinct atoms obtained by mapping $\pi$ over the list $\vec a$; if $e$ is an expression, then $\pi \cdot e$ denotes the expression obtained from it by applying $\pi$ to the atoms in $e$; and similarly for other syntactical structures involving finitely many atoms, such as values and frame stacks.

We require the functions $([\![obs]\!]_{\vec a} \mid \vec a \in \mathrm{State})$ associated with each $obs \in O$ to satisfy an equivariance property: for all $\pi \in P$, $\vec a \in \mathrm{State}$ and $(a_1, \ldots, a_k) \in \mathrm{atom}(\vec a)^k$ (where $k$ is the arity of $obs$)
\[
[\![obs]\!]_{\vec a}(a_1, \ldots, a_k) = [\![obs]\!]_{\pi \cdot \vec a}(\pi(a_1), \ldots, \pi(a_k)). \tag{3.1}
\]
We impose condition (3.1) for the following reason. In Figure 5, the side conditions on transitions of types 7 and 8 do not specify which of the infinitely many atoms in $A - \mathrm{atom}(\vec a)$ should be chosen as the fresh atom $a'$. Any particular implementation of the language will make such choices in some specific way, for example by implementing atoms as numbers and incrementing a global counter to get the next fresh atom. We wish to work at a level of abstraction that is independent of such implementation details.
We can do so by ensuring that we only use properties of machine configurations $\langle \vec a, S, e\rangle$ that depend on the relative positions of atoms in the list $\vec a$, rather than upon their identities. So properties of configurations should be equivariant: if $\langle \vec a, S, e\rangle$ has the property, then so should $\langle \pi \cdot \vec a, \pi \cdot S, \pi \cdot e\rangle$ for any $\pi \in P$. The main property of configurations we need is termination, defined in Figure 6, since as we see in the next section this determines contextual equivalence of expressions. With condition (3.1) we have:

Lemma 3.2. If $\langle \vec a, S, e\rangle \downarrow^n$, then $\langle \pi \cdot \vec a, \pi \cdot S, \pi \cdot e\rangle \downarrow^n$ for any $\pi \in P$.

Proof. In view of the definition of termination in Figure 6, it suffices to show that the transition relation is equivariant:
\[
\langle \vec a, S, e\rangle \longrightarrow \langle \vec a', S', e'\rangle \;\Rightarrow\; \langle \pi \cdot \vec a, \pi \cdot S, \pi \cdot e\rangle \longrightarrow \langle \pi \cdot \vec a', \pi \cdot S', \pi \cdot e'\rangle.
\]
This can be proved by cases from the definition of $\longrightarrow$ in Figure 5. Cases 1–8 follow from general properties of the action of permutations on syntactical structures (such as the fact that $\pi \cdot (e[v/x])$ equals $(\pi \cdot e)[\pi \cdot v/x]$); case 9 uses property (3.1).

Figure 7: Examples of observations on atoms.
Equality, $eq$ (arity = 2): $[\![eq]\!]_{\vec a}(a, a') \triangleq 0$ if $a = a'$, and $1$ otherwise.
Linear order, $lt$ (arity = 2): $[\![lt]\!]_{\vec a}(a, a') \triangleq 0$ if $a$ occurs to the left of $a'$ in the list $\vec a$, and $1$ otherwise.
Ordinal, $ord$ (arity = 1): $[\![ord]\!]_{\vec a}(a) \triangleq n$, if $a$ is the $n$th element of the list $\vec a$.
State size, $card$ (arity = 0): $[\![card]\!]_{\vec a}() \triangleq$ the length of the list $\vec a$.

As a corollary we find that termination is indeed independent of the choice of fresh atom in transitions of the form 7 or 8.

Corollary 3.3. If $\langle \vec a, S, \mathrm{fresh}\rangle \downarrow^{n+1}$ with $\mathrm{atom}(S) \subseteq \mathrm{atom}(\vec a)$, then for all $a' \notin \mathrm{atom}(\vec a)$, it is the case that $\langle \vec a < a', S, a'\rangle \downarrow^n$.
Similarly, if $\langle \vec a, S, \mathrm{unbind}\;«a»v\rangle \downarrow^{n+1}$ with $\mathrm{atom}(S, a, v) \subseteq \mathrm{atom}(\vec a)$, then for all $a' \notin \mathrm{atom}(\vec a)$, it is the case that $\langle \vec a < a', S, (a', v\{a'/a\})\rangle \downarrow^n$.

There are observations on atoms that are not equivariant, that is, whose value on some atoms in a particular state does not depend just upon the relative position of those atoms in the state. For example, if we fix some enumeration of the set of atoms, $\alpha : \mathbb{N} \cong A$, it is easy to see that the unary observation given by $[\![obs]\!]_{\vec a}(a) = \alpha^{-1}(a)$ fails to satisfy (3.1). Nevertheless, there is a wide range of functions that do have this property. Figure 7 gives some examples.

Remark 3.4 (Atom-equality test). The first observation on atoms given in Figure 7, $eq$, combined with the usual arithmetic operations for $\mathrm{nat}$ that are already definable in the language, gives us the effect of the function $(=) : \mathrm{atm} \to \mathrm{atm} \to \mathrm{bool}$ from the signature in Figure 1; so we assume that the set $O$ of observations on atoms always contains $eq$.

Remark 3.5 (Fresh Atoms Largest). Note that in the operational semantics of Figure 5 we have chosen to make "fresh atoms largest", in the sense that the fresh atom $a'$ in transitions 7 and 8 is added to the right-hand end of the list $\vec a$ representing the current state. In the presence of observations on atoms other than equality, such a choice may well affect the properties of the notion of program equivalence that we explore in the next section. Other choices are possible, but to insist that program equivalence is independent of any such choice would rule out many useful observations on atoms (such as $lt$ or $ord$ in Figure 7).

4. Contextual Equivalence

We wish to prove that the language we have described satisfies Correctness of Representation properties of the kind mentioned in the introduction.
To do so, we first have to be more precise about what it means for two expressions to be contextually equivalent, that is, to be interchangeable in any program without affecting the observable results of executing that program. What is a program, what does it mean to execute it, and what results of execution do we observe? The answers we take to these questions are: programs are closed well-typed expressions; execution means carrying out a sequence of transitions of the abstract machine from an initial machine configuration consisting of a state (that is, a list of atoms containing those mentioned in the program), the empty frame stack and the program; and we observe whether execution reaches a terminal configuration, that is, one of the form $\langle \vec a, \mathrm{Id}, v\rangle$. We need only observe termination because of the language's strict evaluation strategy: observing any (reasonable) properties of the final value $v$ results in the same notion of contextual equivalence. Also, it is technically convenient to be a bit more liberal about what constitutes an initial configuration by allowing the starting frame stack to be non-empty: this does not change the notion of contextual equivalence because of the correspondence between frame stacks and "evaluation" contexts (see the remarks after Definition 4.5 below). So we can say that $e$ and $e'$ are contextually equivalent if for all program contexts $C[-]$, the programs $C[e]$ and $C[e']$ are operationally equivalent in the following sense.

Definition 4.1 (Operational Equivalence of Closed Expressions). $\vdash_w e \cong e' : \tau$ is defined to hold if
• $\mathrm{atom}(e, e') \subseteq w$;
• $\emptyset \vdash e : \tau$ and $\emptyset \vdash e' : \tau$; and
• for all $\vec a$, $S$ and $\tau'$ with $w \cup \mathrm{atom}(S) \subseteq \mathrm{atom}(\vec a)$ and $\emptyset \vdash S : \tau \to \tau'$, it is the case that $\langle \vec a, S, e\rangle\downarrow \;\Leftrightarrow\; \langle \vec a, S, e'\rangle\downarrow$.
However, for the reasons given in [Pit05, Section 7.5], we prefer not to phrase the formal definition of contextual equivalence in terms of the inconveniently concrete operation of possibly capturing substitution of open expressions for the hole "$-$" in program contexts $C[-]$. Instead we take the more abstract relational approach originally advocated by Gordon [Gor98] and Lassen [Las98] that focuses upon the key features of contextual equivalence, namely that it is the largest congruence relation for well-typed expressions that contains the relation of operational equivalence of Definition 4.1. A congruence relation is an expression relation that is an equivalence, compatible and substitutive, in the following sense.

Definition 4.2 (Expression Relations). An expression relation $E$ is a set of tuples $(\Gamma, w, e, e', \tau)$ (made up of a typing context, a world, two expressions and a type) satisfying $\mathrm{atom}(e, e') \subseteq w$, $\Gamma \vdash e : \tau$ and $\Gamma \vdash e' : \tau$. We write $\Gamma \vdash_w e \;E\; e' : \tau$ to indicate that $(\Gamma, w, e, e', \tau)$ is a member of $E$. We use the following terminology in connection with expression relations.
• $E$ is an equivalence if it is reflexive ($\mathrm{atom}(e) \subseteq w \wedge \Gamma \vdash e : \tau \Rightarrow \Gamma \vdash_w e \;E\; e : \tau$), symmetric ($\Gamma \vdash_w e \;E\; e' : \tau \Rightarrow \Gamma \vdash_w e' \;E\; e : \tau$) and transitive ($\Gamma \vdash_w e \;E\; e' : \tau \wedge \Gamma \vdash_w e' \;E\; e'' : \tau \Rightarrow \Gamma \vdash_w e \;E\; e'' : \tau$).
• $E$ is compatible if $\widehat{E} \subseteq E$, where $\widehat{E}$ is the compatible refinement of $E$, defined in Figure 8.
Figure 8: Compatible refinement $\widehat{E}$ of an expression relation $E$.
\[
\frac{\Gamma(x) = \tau}{\Gamma \vdash_w x \;\widehat{E}\; x : \tau}
\qquad
\frac{}{\Gamma \vdash_w () \;\widehat{E}\; () : \mathrm{unit}}
\qquad
\frac{\Gamma \vdash_w v_1 \;E\; v_1' : \tau_1 \quad \Gamma \vdash_w v_2 \;E\; v_2' : \tau_2}{\Gamma \vdash_w (v_1, v_2) \;\widehat{E}\; (v_1', v_2') : \tau_1 * \tau_2}
\]
\[
\frac{\Gamma, f : \tau \to \tau', x : \tau \vdash_w e \;E\; e' : \tau'}{\Gamma \vdash_w \mathrm{fun}(f\,x = e) \;\widehat{E}\; \mathrm{fun}(f\,x = e') : \tau \to \tau'}
\qquad
\frac{C : \tau \to \delta \quad \Gamma \vdash_w v \;E\; v' : \tau}{\Gamma \vdash_w C\,v \;\widehat{E}\; C\,v' : \delta}
\qquad
\frac{a \in w}{\Gamma \vdash_w a \;\widehat{E}\; a : \mathrm{atm}}
\]
\[
\frac{\Gamma \vdash_w v_1 \;E\; v_1' : \mathrm{atm} \quad \Gamma \vdash_w v_2 \;E\; v_2' : \tau}{\Gamma \vdash_w «v_1»v_2 \;\widehat{E}\; «v_1'»v_2' : \tau\,\mathrm{bnd}}
\qquad
\frac{\Gamma \vdash_w e_1 \;E\; e_1' : \tau \quad \Gamma, x : \tau \vdash_w e_2 \;E\; e_2' : \tau'}{\Gamma \vdash_w \mathrm{let}\ x = e_1\ \mathrm{in}\ e_2 \;\widehat{E}\; \mathrm{let}\ x = e_1'\ \mathrm{in}\ e_2' : \tau'}
\]
\[
\frac{\Gamma \vdash_w v \;E\; v' : \tau_1 * \tau_2}{\Gamma \vdash_w \mathrm{fst}\,v \;\widehat{E}\; \mathrm{fst}\,v' : \tau_1}
\qquad
\frac{\Gamma \vdash_w v \;E\; v' : \tau_1 * \tau_2}{\Gamma \vdash_w \mathrm{snd}\,v \;\widehat{E}\; \mathrm{snd}\,v' : \tau_2}
\qquad
\frac{\Gamma \vdash_w v_1 \;E\; v_1' : \tau \to \tau' \quad \Gamma \vdash_w v_2 \;E\; v_2' : \tau}{\Gamma \vdash_w v_1\,v_2 \;\widehat{E}\; v_1'\,v_2' : \tau'}
\]
\[
\frac{\delta = C_1\ \mathrm{of}\ \tau_1 \mid \cdots \mid C_n\ \mathrm{of}\ \tau_n \quad \Gamma \vdash_w v \;E\; v' : \delta \quad \Gamma, x_1 : \tau_1 \vdash_w e_1 \;E\; e_1' : \tau \quad \cdots \quad \Gamma, x_n : \tau_n \vdash_w e_n \;E\; e_n' : \tau}{\Gamma \vdash_w \mathrm{match}\ v\ \mathrm{with}\ (C_1\,x_1 \to e_1 \mid \cdots \mid C_n\,x_n \to e_n) \;\widehat{E}\; \mathrm{match}\ v'\ \mathrm{with}\ (C_1\,x_1 \to e_1' \mid \cdots \mid C_n\,x_n \to e_n') : \tau}
\]
\[
\frac{}{\Gamma \vdash_w \mathrm{fresh}() \;\widehat{E}\; \mathrm{fresh}() : \mathrm{atm}}
\qquad
\frac{\Gamma \vdash_w v \;E\; v' : \tau\,\mathrm{bnd}}{\Gamma \vdash_w \mathrm{unbind}\,v \;\widehat{E}\; \mathrm{unbind}\,v' : \mathrm{atm} * \tau}
\qquad
\frac{\mathrm{arity}(obs) = k \quad \Gamma \vdash_w v_1 \;E\; v_1' : \mathrm{atm} \quad \cdots \quad \Gamma \vdash_w v_k \;E\; v_k' : \mathrm{atm}}{\Gamma \vdash_w obs\,v_1 \ldots v_k \;\widehat{E}\; obs\,v_1' \ldots v_k' : \mathrm{nat}}
\]
\[
\frac{}{\Gamma \vdash_w \mathrm{Id} \;\widehat{E}\; \mathrm{Id} : \tau \to \tau}
\qquad
\frac{\Gamma, x : \tau \vdash_w e \;E\; e' : \tau' \quad \Gamma \vdash_w S \;\widehat{E}\; S' : \tau' \to \tau''}{\Gamma \vdash_w S \circ (x.e) \;\widehat{E}\; S' \circ (x.e') : \tau \to \tau''}
\]

• $E$ is substitutive if $\Gamma \vdash_w v \;E\; v' : \tau \wedge \Gamma, x : \tau \vdash_w e \;E\; e' : \tau' \Rightarrow \Gamma \vdash_w e[v/x] \;E\; e'[v'/x] : \tau'$.
• $E$ is equivariant if $\Gamma \vdash_w e \;E\; e' : \tau \Rightarrow \Gamma \vdash_{\pi \cdot w} \pi \cdot e \;E\; \pi \cdot e' : \tau$.
• $E$ is adequate if $\emptyset \vdash_w e \;E\; e' : \tau \Rightarrow\; \vdash_w e \cong e' : \tau$.

We extend operational equivalence (Definition 4.1) to an expression relation, $\Gamma \vdash_w e \cong^{\circ} e' : \tau$, by instantiating free variables with closed values:

Definition 4.3 ($\cong^{\circ}$). Supposing $\Gamma = \{ x_1 : \tau_1, \ldots, x_n : \tau_n \}$, we define $\Gamma \vdash_w e \cong^{\circ} e' : \tau$ to hold if
• $\mathrm{atom}(e, e') \subseteq w$;
• $\Gamma \vdash e : \tau$ and $\Gamma \vdash e' : \tau$; and
• for all $w' \supseteq w$ and all closed values $v_i$ with $\mathrm{atom}(v_i) \subseteq w'$ and $\emptyset \vdash v_i : \tau_i$ (for $i = 1..n$), it is the case that $\vdash_{w'} e[\vec v/\vec x] \cong e'[\vec v/\vec x] : \tau$.

Note that for closed expressions, that is, in the case that $\Gamma = \emptyset$, the relation $\cong^{\circ}$ agrees with $\cong$:
\[
\emptyset \vdash_w e \cong^{\circ} e' : \tau \;\Leftrightarrow\; \vdash_w e \cong e' : \tau. \tag{4.1}
\]

Theorem 4.4 (CIU). Operational equivalence of possibly open expressions, $\cong^{\circ}$, is a compatible, substitutive and adequate equivalence. It is the largest such expression relation. It is also equivariant.

Proof. The fact that $\cong^{\circ}$ is equivariant follows from Lemma 3.2. The fact that it is an equivalence and adequate is immediate from its definition; as is the fact that it contains any expression relation that is adequate, substitutive and reflexive. So the main difficulty is to show that it is compatible and substitutive. One can do this by adapting a construction due to Howe [How96]; see Appendix A.

Definition 4.5 (Contextual Equivalence). In view of the discussion at the beginning of this section, Theorem 4.4 tells us that $\cong^{\circ}$ coincides with a conventional notion of contextual equivalence defined using program contexts: so from now on we refer to $\cong^{\circ}$ as contextual equivalence.

Remark 4.6 (Uses of closed instantiations). We labelled the above theorem "CIU" because it is analogous to a theorem of that name due to Mason and Talcott [MT91]. CIU, after permutation, stands for "Uses of Closed Instantiations"; and the theorem tells us that to test open expressions for contextual equivalence it suffices to first close them by substituting closed values for free variables and then test the resulting closed expressions for termination when they are used in any evaluation context [FH92].
This follows from the definition of $\cong^{\circ}$ and the fact that termination in evaluation contexts corresponds to termination of machine configurations via the easily verified property
\[
\langle \vec a, S, e\rangle\downarrow \;\Leftrightarrow\; \langle \vec a, \mathrm{Id}, S[e]\rangle\downarrow \tag{4.2}
\]
where the expression $S[e]$ is defined by recursion on the length of the stack $S$ by:
\[
\mathrm{Id}[e] \triangleq e \qquad S \circ (x.e')[e] \triangleq S[\mathrm{let}\ x = e\ \mathrm{in}\ e']. \tag{4.3}
\]
Theorem 4.4 serves to establish some basic properties of contextual equivalence, such as the fact that the state-independent transitions in Figure 5 (types 1–6 and 9) give rise to contextual equivalences. For example, $\Gamma \vdash_w \mathrm{let}\ x = v\ \mathrm{in}\ e \cong^{\circ} e[v/x] : \tau'$ holds if $\Gamma \vdash_w v : \tau$ and $\Gamma, x : \tau \vdash_w e : \tau'$. However, we have to work a bit harder to understand the consequences of transitions of types 7 and 8 for contextual equivalence at atom binding types, $\tau\,\mathrm{bnd}$. We address this in the next section.

Remark 4.7 (Possible Worlds). It is immediate from the definition of $\cong^{\circ}$ that it satisfies a weakening property:
\[
\Gamma \vdash_w e \cong^{\circ} e' : \tau \wedge w \subseteq w' \;\Rightarrow\; \Gamma \vdash_{w'} e \cong^{\circ} e' : \tau. \tag{4.4}
\]
If it also satisfied a strengthening property
\[
\Gamma \vdash_{w'} e \cong^{\circ} e' : \tau \wedge \mathrm{atom}(e, e') \subseteq w \subseteq w' \;\Rightarrow\; \Gamma \vdash_w e \cong^{\circ} e' : \tau \tag{4.5}
\]
then we could make the indexing of contextual equivalence by "possible worlds" $w$ implicit by taking $w = \mathrm{atom}(e, e')$. When $O$ just contains $eq$, property (4.5) does hold; this is why there is no need for indexing by possible worlds in [Shi05a, SP05b]. However, it is not hard to see that the presence of some observations on atoms, such as the function $card$ in Figure 7, can cause (4.5) to fail. It is for this reason that we have built indexing by possible worlds into expression relations (Definition 4.2).
Figure 9: $\alpha$-Equivalence.
\[
\frac{}{\vdash_w () =_{\alpha} () : \mathrm{unit}}
\qquad
\frac{\vdash_w v_1 =_{\alpha} v_1' : \sigma_1 \quad \vdash_w v_2 =_{\alpha} v_2' : \sigma_2}{\vdash_w (v_1, v_2) =_{\alpha} (v_1', v_2') : \sigma_1 * \sigma_2}
\qquad
\frac{C : \sigma \to \delta \quad \vdash_w v =_{\alpha} v' : \sigma}{\vdash_w C\,v =_{\alpha} C\,v' : \delta}
\]
\[
\frac{a \in w}{\vdash_w a =_{\alpha} a : \mathrm{atm}}
\qquad
\frac{a'' \notin w \supseteq \mathrm{atom}(a, v, a', v') \quad \vdash_{w \cup \{a''\}} v\{a''/a\} =_{\alpha} v'\{a''/a'\} : \sigma}{\vdash_w «a»v =_{\alpha} «a'»v' : \sigma\,\mathrm{bnd}}
\]

5. Correctness of Representation

Recall from Section 2 that the language we are considering is parameterised by a top-level declaration of some (possibly mutually recursive) data types:
\[
\mathrm{type}\ \delta_1 = C_{1,1}\ \mathrm{of}\ \tau_{1,1} \mid \cdots \mid C_{1,n_1}\ \mathrm{of}\ \tau_{1,n_1} \quad \ldots \quad \mathrm{and}\ \delta_m = C_{m,1}\ \mathrm{of}\ \tau_{m,1} \mid \cdots \mid C_{m,n_m}\ \mathrm{of}\ \tau_{m,n_m}. \tag{5.1}
\]
If we restrict attention to declarations in which the argument types $\tau_{i,j}$ of the constructors $C_{i,j}$ are just finite products of the declared data types $\delta_1, \ldots, \delta_m$, then the above declaration corresponds to a many-sorted algebraic signature; furthermore, in this case the language's values at each data type are just the abstract syntax trees of terms of the corresponding sort in the signature. By allowing atoms and atom bindings in addition to products in the argument types $\tau_{i,j}$, one arrives at the notion of "nominal signature", introduced in [UPG04] and more fully developed in [Pit06]. It extends the notion of many-sorted algebraic signature with names (of possibly many kinds) and information about name binding in constructors. Here, for simplicity, we are restricting to a single kind of name, represented by the type $\mathrm{atm}$ of atoms; but our results extend easily to the case of many kinds of name.

Definition 5.1 (Nominal Signatures). The subset $\mathrm{Arity} \subseteq \mathrm{Typ}$ is given by the grammar
\[
\sigma \in \mathrm{Arity} ::= \mathrm{unit} \mid \sigma * \sigma \mid \delta \mid \mathrm{atm} \mid \sigma\,\mathrm{bnd} \tag{5.2}
\]
where $\delta$ ranges over the finite set $D$ of data type symbols.
(In other words $\mathrm{Arity}$ consists of those types of our language that do not involve any use of the function type construction, $\to$.) The elements of the set $\mathrm{Arity}$ are called nominal arities. (The notation $\langle\!\langle \mathrm{atm} \rangle\!\rangle \sigma$ is used in [UPG04, Pit06] for what we here write as $\sigma\,\mathrm{bnd}$.) A nominal signature with a single sort of atoms, $\mathrm{atm}$, is specified by a data type declaration (5.1) in which the argument types $\tau_{i,j}$ of the constructors $C_{i,j}$ are all nominal arities.

The occurrences of $\sigma\,\mathrm{bnd}$ in a nominal signature (5.1) indicate arguments with bound atoms. In particular, we can associate with each such signature a notion of $\alpha$-equivalence, $=_{\alpha}$, that identifies closed values of nominal arity up to renaming bound atoms. The inductive definition of $=_{\alpha}$ is given in Figure 9. It generalises to an arbitrary nominal signature the syntax-directed characterisation of $\alpha$-equivalence of $\lambda$-terms given in [Gun92, p. 36]. The definition in Figure 9 is essentially that given in [Pit06], except that we have included an indexing by possible worlds $w$, to chime with our form of judgement for contextual equivalence; without that indexing, the condition "$a'' \notin w \supseteq \mathrm{atom}(a, v, a', v')$" in the rule for $\alpha$-equivalence of values of atom binding type would be replaced by "$a'' \notin \mathrm{atom}(a, v, a', v')$".

Remark 5.2 (The role of closed values). For each $\sigma \in \mathrm{Arity}$, the closed values (that is, ones with no free variables) of that type, $\emptyset \vdash_w v : \sigma$, correspond precisely to the ground terms (with arity $\sigma$ and atoms in $w$) over the given nominal signature, as defined in [UPG04]. For example, the declaration (1.1) corresponds to the nominal signature for $\lambda$-calculus; and closed values of type $\mathrm{term}$ correspond as in (1.2) to the abstract syntax trees for $\lambda$-terms (open or closed ones, with $\lambda$-calculus variables represented by atoms).
For other examples of nominal signatures, with more complicated patterns of binding, see [Pit06, Section 2.2].

Note that the definition of $=_{\alpha}$ in Figure 9 cannot be extended naively to open values with free variables, for the reasons discussed in Remark 2.1. Free variables stand for unknown values that may well involve atoms that get captured by $«\,»$-binders upon substitution. So as we saw in that remark, it does not make semantic sense to say, for example, that $«a»x$ and $«a'»x$ are $\alpha$-equivalent without putting some restrictions on the kind of value $x$ stands for. In [UPG04], Urban et al consider such restrictions consisting of assumptions about the freshness of atoms for variables; they generalise Figure 9 to a hypothetical notion of $\alpha$-equivalence between open values [2], with hypotheses consisting of such freshness assumptions. It may be possible to relate the validity of this general form of $\alpha$-equivalence to contextual equivalence, but here we content ourselves with the following result about the straightforward notion of $\alpha$-equivalence on closed values given by Figure 9.

[2] This is a slight over-simplification, since their "nominal terms" are not just the open values considered here: they involved explicit atom-permutations as well.

Theorem 5.3 (Correctness of Representation). Suppose that all the observations on atoms $obs \in O$ satisfy the equivariance property (3.1). For each nominal signature, two closed values $v, v'$ of the same nominal arity $\sigma$ (with atoms contained in the finite set $w$, say) are $\alpha$-equivalent if and only if they are contextually equivalent:
\[
\vdash_w v =_{\alpha} v' : \sigma \;\Leftrightarrow\; \vdash_w v \cong v' : \sigma. \tag{5.3}
\]
The rest of this section is devoted to the proof of the bi-implication in (5.3). Before commencing the proof we make some remarks about the relative difficulty of each half of the bi-implication and about alternative approaches to the proof than the one we take.

Remark 5.4 ($\vdash_w v =_{\alpha} v' : \sigma \;\Rightarrow\; \vdash_w v \cong v' : \sigma$). At first sight it might seem that this implication is trivial: since we identify expressions up to $\alpha$-equivalence of bound variables, contextual equivalence automatically contains that notion of equivalence. However, $=_{\alpha}$ is not that meta-level $\alpha$-equivalence, it is $\alpha$-equivalence at the object-level for $«\,»$-bound atoms. As we noted in Remark 2.1, identifying all (open or closed) expressions up to renaming $«\,»$-bound atoms is incompatible with contextual equivalence: so we cannot trivialise the left-to-right implication in (5.3) by factoring out in this way. Note that the restriction to nominal arities in Figure 9 means that we do not have to consider $=_{\alpha}$ for values of the form $\mathrm{fun}(f\,x = e)$ and hence for open expressions $e$ where the naive definition of $=_{\alpha}$ would encounter the semantic problems discussed in Remarks 2.1 and 5.2. So there really is something to do to establish the left-to-right implication in (5.3). However, we will see that we have already done most of the heavy lifting for this half of the theorem by establishing the CIU Theorem 4.4.

Remark 5.5 ($\vdash_w v \cong v' : \sigma \;\Rightarrow\; \vdash_w v =_{\alpha} v' : \sigma$). This is equivalent to showing that if two closed values $v$ and $v'$ of nominal arity $\sigma$ are not $\alpha$-equivalent, then they are not contextually equivalent. Proving contextual inequivalence is much easier than proving contextual equivalence, since one just has to construct a context in which the two values have different operational behaviour. In this case it would suffice to exhibit a closed expression $aeq_{\sigma} : \sigma \to \sigma \to \mathrm{nat}$ correctly implementing $=_{\alpha}$, in the sense that for all $v$ and $v'$
\[
\vdash_w v =_{\alpha} v' : \sigma \;\Rightarrow\; \forall \vec a.\ w \subseteq \mathrm{atom}(\vec a) \Rightarrow \exists \vec a'.\ \langle \vec a, \mathrm{Id}, aeq_{\sigma}\,v\,v'\rangle \longrightarrow^{*} \langle \vec a', \mathrm{Id}, \mathrm{Zero}()\rangle
\]
\[
\vdash_w v \neq_{\alpha} v' : \sigma \;\Rightarrow\; \forall \vec a.\ w \subseteq \mathrm{atom}(\vec a) \Rightarrow \exists \vec a'.\ \langle \vec a, \mathrm{Id}, aeq_{\sigma}\,v\,v'\rangle \longrightarrow^{*} \langle \vec a', \mathrm{Id}, \mathrm{Succ}(\mathrm{Zero}())\rangle.
\]
It is indeed possible to construct such an expression $aeq_{\sigma}$ by induction on the structure of $\sigma$, by a definition that mimics the rules in Figure 9, using the definition of atom-swapping from Example 2.2 in the case of an atom-binding arity and using recursively defined functions at data types. The proof of the above properties of $aeq_{\sigma}$ is relatively straightforward if tedious; one first has to prove suitable correctness properties for the swapping expressions $swap_{\sigma}$ from Example 2.2.

This is not the route to the right-to-left implication in (5.3) that we take. Instead we deduce it from a general "extensionality" property of atom-binding types $\tau\,\mathrm{bnd}$ that holds for all types $\tau$, including ones that are not nominal arities, that is, ones involving function types. This property (Propositions 5.7 and 5.10) shows that, up to contextual equivalence, the type $\tau\,\mathrm{bnd}$ behaves like the atom-abstraction construct of [GP01, Sect. 5]. It seems interesting in its own right. We are able to prove this property of general atom-binding types $\tau\,\mathrm{bnd}$ only under a restriction on observations on atoms over and above the equivariance property (3.1) that we always assume they possess. This is the "affineness" property given in Definition 5.8 below. The equality test $eq$ (Figure 7) is affine and we will see that this fact is enough to prove Theorem 5.3 as stated, that is, without any restriction on the observations present other than equivariance.

We now begin the proof of Theorem 5.3.

Proposition 5.6.
(i) $\vdash_w () \cong () : \mathrm{unit}$.
(ii) For all types $\tau_1, \tau_2 \in \mathrm{Typ}$, $\vdash_w (v_1, v_2) \cong (v_1', v_2') : \tau_1 * \tau_2$ iff $\vdash_w v_1 \cong v_1' : \tau_1$ and $\vdash_w v_2 \cong v_2' : \tau_2$.
(iii) For each data type $\delta_i$ in the declaration (5.1), $\vdash_w C_{i,j}\,v \cong C_{i,j'}\,v' : \delta_i$ iff $j = j'$ and $\vdash_w v \cong v' : \tau_{i,j}$.
(iv) $\vdash_w a \cong a' : \mathrm{atm}$ iff $a = a' \in w$.

Proof. Part (i) and the "if" directions of (ii)–(iv) are consequences of the fact (Theorem 4.4) that $\cong^{\circ}$ is a compatible equivalence. For the "only if" directions of (ii) and (iii) we apply suitably chosen destructors. Thus for part (ii) we use the operational equivalences $\vdash_w \mathrm{fst}(v_1, v_2) \cong v_1 : \tau_1$ and $\vdash_w \mathrm{snd}(v_1, v_2) \cong v_2 : \tau_2$ that are consequences of the definitions of $\cong$ and the termination relation. Similarly, part (iii) follows from the easily established operational (in)equivalences
\[
\vdash_w \mathrm{diverge} \not\cong v : \tau
\qquad
\vdash_w \mathrm{proj}_{i,j}(C_{i,j}\,v) \cong v : \tau_{i,j}
\qquad
\vdash_w \mathrm{proj}_{i,j}(C_{i,j'}\,v) \cong \mathrm{diverge} : \tau_{i,j}\ \text{ if } j \neq j'
\]
which make use of the following expressions
\[
\mathrm{diverge} \triangleq \mathrm{fun}(f\,x = f\,x)()
\qquad
\mathrm{proj}_{i,j}\,v \triangleq \mathrm{match}\ v\ \mathrm{with}\ (C_{i,1}\,x_1 \to d_{j,1} \mid \cdots \mid C_{i,n_i}\,x_{n_i} \to d_{j,n_i})
\]
where $d_{j,j'} \triangleq x_j$ if $j = j'$, and $d_{j,j'} \triangleq \mathrm{diverge}$ if $j \neq j'$. Finally, for the "only if" direction of part (iv) we make use of the fact that $O$ always contains the atom equality function $eq$ from Figure 7: see Lemma A.4(i) in Appendix A.

This proposition tells us that $\cong$ has properties mirroring those of $\alpha$-equivalence given by the first four rules in Figure 9. To complete the proof of the correctness theorem, we need to prove a property of $\cong$ at atom binding arities $\sigma\,\mathrm{bnd}$ that mirrors the fifth rule in that figure. We split this into two parts, Propositions 5.7 and 5.10.

Proposition 5.7. For any type $\tau \in \mathrm{Typ}$, suppose we are given closed, well-typed atom binding values $\emptyset \vdash_w «a»v : \tau\,\mathrm{bnd}$ and $\emptyset \vdash_w «a'»v' : \tau\,\mathrm{bnd}$. If for some atom $a'' \notin w$ we have
\[
\vdash_{w \cup \{a''\}} v\{a''/a\} \cong v'\{a''/a'\} : \tau \tag{5.4}
\]
then
\[
\vdash_w «a»v \cong «a'»v' : \tau\,\mathrm{bnd}. \tag{5.5}
\]

Proof.
Unlike the previous proposition, this result is not just a simple consequence of the congruence properties of operational equivalence. It can be proved via an induction over the rules defining termination: see Appendix B.

Next we need to prove the converse of the above proposition, namely that (5.5) implies (5.4) for any $a'' \notin w$. The difficulty is that in verifying (5.4) we have to consider the termination behaviour of $v\{a''/a\}$ and $v'\{a''/a'\}$ in all states $\vec a$ with $\mathrm{atom}(\vec a) \supseteq w \cup \{a''\}$. The atom $a''$ may occur at any position in $\vec a$ and not necessarily at its right-hand end; whereas in assuming (5.5), all we appear to know about the termination behaviour of $v\{a''/a\}$ and $v'\{a''/a'\}$ is what happens when a fresh atom $a''$ is placed at the end of the state via generative unbinding (cf. Remark 3.5). In fact we are able to combine bind and unbind operations to rearrange atoms sufficiently to prove the result we want, but only in the presence of observations on atoms that are insensitive to atoms being added at the left-hand (that is, least) end of the state. The following definition makes this property of observations precise. It uses the notation $a' < \vec a$ for the state obtained from $\vec a \in \mathrm{State}$ by appending an atom $a'$ not in $\mathrm{atom}(\vec a)$ to the left of the finite list of distinct atoms $\vec a$ (cf. $\vec a < a'$ defined in Figure 5).

Definition 5.8 (Affine Observations). An observation on atoms, $obs \in O$, is affine if it is equivariant (3.1) and satisfies: for all $\vec a \in \mathrm{State}$, all $a' \notin \mathrm{atom}(\vec a)$ and all $(a_1, \ldots, a_k) \in \mathrm{atom}(\vec a)^k$ (where $k$ is the arity of $obs$)
\[
[\![obs]\!]_{a' < \vec a}(a_1, \ldots, a_k) = [\![obs]\!]_{\vec a}(a_1, \ldots, a_k). \tag{5.6}
\]
For example, of the observations defined in Figure 7, $eq$ and $lt$ are affine, whereas $ord$ and $card$ are not.
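The following is an added worked example, not code from the paper or from any FreshML implementation. It models a state as a list of distinct atoms (fresh atoms rightmost, as in Remark 3.5), implements the four observations of Figure 7 as Python functions taking the state as their first argument, and checks the equivariance property (3.1) of Section 3 and the affineness property (5.6) of Definition 5.8 on a constructed sample. It also includes the non-equivariant observation built from a fixed enumeration $\alpha$ of the atoms that is mentioned after Corollary 3.3. The checks are finite tests over one sample state and one permutation, not proofs; all function names, the atom strings and the sample data are this example's own choices.

```python
"""Added example, not code from the paper: the four observations on atoms of
Figure 7 over a state (a list of distinct atoms, fresh atoms rightmost), plus
checks of the equivariance property (3.1) and the affineness property (5.6).
Atoms are strings; every name here is this example's own choice."""
from itertools import product
from typing import Callable, Dict, List, Tuple

State = List[str]          # ~a: a finite list of distinct atoms, "fresh atoms largest"
Perm = Dict[str, str]      # a finite permutation, given on its support (a -> pi(a))
Obs = Callable[..., int]   # [[obs]]_~a : atom(~a)^k -> N, taking the state as first argument


def obs_eq(state: State, a: str, b: str) -> int:
    """Equality, eq (arity 2): 0 if a = b, 1 otherwise."""
    return 0 if a == b else 1


def obs_lt(state: State, a: str, b: str) -> int:
    """Linear order, lt (arity 2): 0 if a occurs to the left of b in the state, 1 otherwise."""
    return 0 if state.index(a) < state.index(b) else 1


def obs_ord(state: State, a: str) -> int:
    """Ordinal, ord (arity 1): n if a is the n-th element of the state (counting from 0)."""
    return state.index(a)


def obs_card(state: State) -> int:
    """State size, card (arity 0): the length of the state."""
    return len(state)


# A constructed NON-equivariant observation, as in the remark after Corollary 3.3:
# fix an enumeration alpha : N ~= A and return alpha^{-1}(a), ignoring the state.
ENUMERATION = ["a0", "a1", "a2", "b"]


def obs_enum(state: State, a: str) -> int:
    return ENUMERATION.index(a)


OBSERVATIONS: Dict[str, Tuple[int, Obs]] = {
    "eq": (2, obs_eq), "lt": (2, obs_lt), "ord": (1, obs_ord),
    "card": (0, obs_card), "enum": (1, obs_enum),
}


def is_finite_perm(pi: Perm) -> bool:
    """pi must be a bijection of A with finite support: its values permute its keys."""
    return sorted(pi.values()) == sorted(pi.keys())


def act(pi: Perm, state: State) -> State:
    """pi . ~a: map the permutation over the list (Definition 3.1)."""
    return [pi.get(a, a) for a in state]


def is_equivariant(name: str, state: State, pi: Perm) -> bool:
    """Check (3.1) for one permutation and every k-tuple of atoms of the state."""
    assert is_finite_perm(pi)
    k, f = OBSERVATIONS[name]
    moved = act(pi, state)
    return all(f(state, *t) == f(moved, *act(pi, list(t))) for t in product(state, repeat=k))


def satisfies_5_6(name: str, state: State, new_atom: str) -> bool:
    """Check (5.6): prepending a' at the left (least) end does not change any value."""
    assert new_atom not in state
    k, f = OBSERVATIONS[name]
    extended = [new_atom] + state          # a' < ~a
    return all(f(extended, *t) == f(state, *t) for t in product(state, repeat=k))


def is_affine(name: str, state: State, pi: Perm, new_atom: str) -> bool:
    """Definition 5.8: affine = equivariant and (5.6)."""
    return is_equivariant(name, state, pi) and satisfies_5_6(name, state, new_atom)


def classify(state: State, pi: Perm, new_atom: str) -> Dict[str, Tuple[bool, bool]]:
    """For each observation: (equivariant on this sample?, affine on this sample?)."""
    return {name: (is_equivariant(name, state, pi), is_affine(name, state, pi, new_atom))
            for name in OBSERVATIONS}


if __name__ == "__main__":
    # constructed sample: state [a0, a1, a2], the swap (a0 a2) in P, and a fresh atom b
    for name, (eqv, aff) in classify(["a0", "a1", "a2"], {"a0": "a2", "a2": "a0"}, "b").items():
        print(f"{name:4s} equivariant={eqv!s:5s} affine={aff}")
```

On the sample state the run reports `eq` and `lt` as equivariant and affine, `ord` and `card` as equivariant but not affine (prepending an atom shifts every ordinal and changes the length), and the enumeration-based observation as neither, which is exactly the split the text draws between Figure 7 and Definition 5.8.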
The following property of termination follows from its definition in Figures 5 and 6, using Corollary 3.3.

Lemma 5.9. Given a frame stack $S$ and an expression $e$, suppose that only affine observations on atoms occur in them. Then for all $\vec a$ with $\mathrm{atom}(S, e) \subseteq \mathrm{atom}(\vec a)$ and all $a' \notin \mathrm{atom}(\vec a)$, $\langle a' < \vec a, S, e\rangle \downarrow^n \;\Leftrightarrow\; \langle \vec a, S, e\rangle \downarrow^n$.

We now give a converse of Proposition 5.7, under the assumption that only affine observations are used. The proof is the technically most involved result in the paper.

Proposition 5.10. Suppose that $O$ only contains affine observations. For any type $\tau \in \mathrm{Typ}$, suppose we are given closed, well-typed atom binding values $\emptyset \vdash_w «a»v : \tau\,\mathrm{bnd}$ and $\emptyset \vdash_w «a'»v' : \tau\,\mathrm{bnd}$. Then for all atoms $a'' \notin w$ we have
\[
\vdash_w «a»v \cong «a'»v' : \tau\,\mathrm{bnd} \tag{5.7}
\]
implies
\[
\vdash_{w \cup \{a''\}} v\{a''/a\} \cong v'\{a''/a'\} : \tau. \tag{5.8}
\]

Proof. Suppose (5.7) holds and that $a'' \notin w$. To prove (5.8) we have to show for any $w' \in \mathrm{World}$, $\vec a \in \mathrm{State}$ and $\tau' \in \mathrm{Typ}$ with $\mathrm{atom}(\vec a) = w' \supseteq w \cup \{a''\}$ and $\emptyset \vdash_{w'} S : \tau \to \tau'$ that
\[
\langle \vec a, S, v\{a''/a\}\rangle\downarrow \;\Leftrightarrow\; \langle \vec a, S, v'\{a''/a'\}\rangle\downarrow. \tag{5.9}
\]
Since $a'' \in \mathrm{atom}(\vec a)$, we have
\[
\vec a = \vec a' < a'' < a_0 < \cdots < a_{n-1} \tag{5.10}
\]
for some state $\vec a'$ and atoms $a_0, \ldots, a_{n-1}$ ($n \geq 0$). Choose distinct atoms $b_0, \ldots, b_{n-1}$ not occurring in $w'$ and consider the frame stack
\[
S' \triangleq \mathrm{Id} \circ (z.\ \mathrm{let}\ «x»y_0 = z\ \mathrm{in}\ \mathrm{let}\ «x_0»y_1 = «b_0»y_0\ \mathrm{in}\ \ldots\ \mathrm{let}\ «x_{n-1}»y_n = «b_{n-1}»y_{n-1}\ \mathrm{in}\ S\{x, x_0, \ldots, x_{n-1}/a'', a_0, \ldots, a_{n-1}\}[y_n]) \tag{5.11}
\]
where $z, x, x_0, \ldots, x_{n-1}, y_0, \ldots, y_n$ are distinct variables not occurring in $S$. Here we have used the notation "$\mathrm{let}\ «x_1»x_2 = e\ \mathrm{in}\ e'$" from Figure 3, the notation "$S[e]$" from (4.3) and the operation $(-)\{x/a\}$ of replacing an atom $a$ by a variable $x$.
Since $\mathrm{atom}(S) \subseteq w' = \mathrm{atom}(\vec a)$, by definition of $S'$ and from (5.10) we have
\[
\mathrm{atom}(S') \subseteq \mathrm{atom}(\vec b') \quad \text{where} \quad \vec b' \triangleq b_0 < \cdots < b_{n-1} < \vec a'. \tag{5.12}
\]
Let $\pi \in P$ be the permutation swapping each $a_i$ with $b_i$ (for $i = 0..n-1$). Since $a'' \notin w \supseteq \mathrm{atom}(a, v)$, by definition of $\vec b'$ we have $\mathrm{atom}(\pi \cdot «a»v) \subseteq \mathrm{atom}(\vec b')$. Therefore the configuration $\langle \vec b', S', \pi \cdot «a»v\rangle$ satisfies the well-formedness condition needed to apply Corollary 3.3. Noting that $\pi \cdot («a»v) = «\pi(a)»(\pi \cdot v)$ and that $\pi \cdot (v\{a''/a\}) = (\pi \cdot v)\{\pi(a'')/\pi(a)\} = (\pi \cdot v)\{a''/\pi(a)\}$, from that corollary, property (4.2) and the definition of $S'$ we get:
\[
\langle \vec b', S', \pi \cdot («a»v)\rangle\downarrow \;\Leftrightarrow\; \langle \vec b' < a'' < a_0 < \cdots < a_{n-1}, S, (\pi \cdot (v\{a''/a\}))\{a_0, \ldots, a_{n-1}/b_0, \ldots, b_{n-1}\}\rangle\downarrow.
\]
Note that by definition of $\pi$
\[
(\pi \cdot (v\{a''/a\}))\{a_0, \ldots, a_{n-1}/b_0, \ldots, b_{n-1}\} = ((v\{a''/a\})\{b_0, \ldots, b_{n-1}/a_0, \ldots, a_{n-1}\})\{a_0, \ldots, a_{n-1}/b_0, \ldots, b_{n-1}\} = v\{a''/a\};
\]
and $\vec b' < a'' < a_0 < \cdots < a_{n-1} = b_0 < \cdots < b_{n-1} < \vec a$ by (5.10) and (5.12). So altogether we have
\[
\langle \vec b', S', \pi \cdot «a»v\rangle\downarrow \;\Leftrightarrow\; \langle b_0 < \cdots < b_{n-1} < \vec a, S, v\{a''/a\}\rangle\downarrow. \tag{5.13}
\]
A similar argument gives
\[
\langle \vec b', S', \pi \cdot «a'»v'\rangle\downarrow \;\Leftrightarrow\; \langle b_0 < \cdots < b_{n-1} < \vec a, S, v'\{a''/a'\}\rangle\downarrow. \tag{5.14}
\]
We noted in Theorem 4.4 that operational equivalence is equivariant. So from (5.7) we have $\vdash_{\mathrm{atom}(\vec b')} \pi \cdot «a»v \cong \pi \cdot «a'»v' : \tau\,\mathrm{bnd}$. Since $\emptyset \vdash_{\mathrm{atom}(\vec b')} S' : \tau\,\mathrm{bnd} \to \tau'$, this operational equivalence gives $\langle \vec b', S', \pi \cdot «a»v\rangle\downarrow \;\Leftrightarrow\; \langle \vec b', S', \pi \cdot «a'»v'\rangle\downarrow$. Combining this with (5.13) and (5.14) yields
\[
\langle b_0 < \cdots < b_{n-1} < \vec a, S, v\{a''/a\}\rangle\downarrow \;\Leftrightarrow\; \langle b_0 < \cdots < b_{n-1} < \vec a, S, v'\{a''/a'\}\rangle\downarrow. \tag{5.15}
\]
Since $b_0, \ldots, b_{n-1} \notin w' = \mathrm{atom}(\vec a) \supseteq \mathrm{atom}(S, a'', v, v')$ and $O$ only contains affine observations, we can now apply Lemma 5.9 to (5.15) to get (5.9), as required.

Example 5.11. We conjecture that Proposition 5.10 fails to hold if we drop the requirement that observations are affine (but still require them to be equivariant). For example consider the equivariant but non-affine observation $ord$ in Figure 7 and the values
\[
v \triangleq \mathrm{fun}(f\,x = f\,x)
\qquad
v' \triangleq \mathrm{fun}(f\,x = \mathrm{match}\ ord\,a\ \mathrm{with}\ (\mathrm{Zero} \to () \mid \mathrm{Succ}\,y \to v\,()))
\]
where $a$ is some atom. We claim that
\[
\vdash_{\{a\}} «a»v \cong «a»v' : (\mathrm{unit} \to \mathrm{unit})\,\mathrm{bnd} \tag{5.16}
\]
but that for any $a' \neq a$
\[
\vdash_{\{a, a'\}} v\{a'/a\} \not\cong v'\{a'/a\} : \mathrm{unit} \to \mathrm{unit}. \tag{5.17}
\]
The operational inequivalence (5.17) is witnessed by the state $\vec a \triangleq [a', a]$ and the frame stack $S \triangleq \mathrm{Id} \circ (x.\ x\ \mathrm{unit})$, for which one has $\langle \vec a, S, v'\{a'/a\}\rangle\downarrow$, but not $\langle \vec a, S, v\{a'/a\}\rangle\downarrow$. At the moment we lack a formal proof of the operational equivalence (5.16), but the intuitive justification for it is as follows. For any state $\vec a$ containing $a$ and any frame stack $S$, we claim that in any sequence of transitions from $\langle \vec a, S, «a»v'\rangle$ the occurrence of $ord\,a$ in $v'$ can only be renamed to $ord\,a'$ for atoms $a'$ at positions strictly greater than 0 in the current state; and hence $\langle \vec a, S, «a»v'\rangle$ has the same termination properties as $\langle \vec a, S, «a»v\rangle$.

Proof of Theorem 5.3. One proves that $\vdash_w v =_{\alpha} v' : \sigma$ implies $\vdash_w v \cong v' : \sigma$ by induction on the rules defining $\alpha$-equivalence in Figure 9, using Propositions 5.6 and 5.7. To prove the converse implication, first note that if $\emptyset \vdash v : \sigma$, then $v$ contains no instances of observations $obs \in O$.
The p ro of of this is by induction on the structure of the n ominal arit y σ ; the only wa y observ ations on atoms can app ear in v alues of the language is via function v alues, fun( f x = e ) , and the defi n ition of “nominal arit y” excludes function types. It follo ws from the definition of op erational equiv alence in Defin ition 4.1 that if ⊢ w v ∼ = v ′ : σ holds for a language with observ ation s et O , it also holds f or the sub-language with m inimal observ ation set { eq } . Th us it suffices to prov e the imp licatio n ⊢ w v ∼ = v ′ : σ ⇒ ⊢ w v = α v ′ : σ for this minimal sub-language; and this can b e done by induction on th e structure of σ using Pr op ositions 5.6 and 5.10 (the latter applies b ecause eq is affine). 22 A.M. PITTS AND M .R. SHINWELL 6. Rela ted and Fur ther Work 6.1. Correctness of Represen tation. It is instru ctiv e to compare the C orrectness of Represen tation prop ert y of F reshML (Theorem 5.3) w ith ade quacy results for t yp e-theoretic logica l f r amew orks [Pfe01 ]. Both are concerned w ith the represen tation of exp r essions of some ob j ect-language in a meta-language. F or logical framew orks the main issue is sur jec- tivit y: one w ants ev ery expression at the meta-lev el to b e con ve rtible to a n ormal form and for ev ery normal form at certain t yp es to b e the represent ation of some ob ject-lev el expr es- sion. The fact that α -equiv alence of ob ject-lev el expressions is preserv ed and reflected by the represent ation is a simple matter, b ecause equiv alence in the logical framework is tak en to b e αβ η -con v ersion, w h ic h sp ecialises on normal forms to just α -equiv alence. 
Contrast this with the situation for FreshML where surjectivity of the representation is straightforward, because values of the relevant FreshML data types are just first order abstract syntax trees; whereas the fact that $\alpha$-equivalence of object-level expressions is preserved and reflected by the representation in FreshML is a non-trivial property. This is because we take equivalence of FreshML expressions to be contextual equivalence. This is the natural notion of equivalence from a programming point of view, but its properties are hard won.

One aspect of adequacy results for logical frameworks highlighted in [Pfe01] is compositionality of representations. Although important, this issue is somewhat orthogonal to our concerns here. It refers to the question of whether substitution of expressions for variables at the object-level is represented by $\beta$-conversion at the meta-level. From the point of view of nominal signatures [Pit06], variables are just one kind of name. Properties of $\alpha$-conversion of all kinds of names are treated by the theory; but if one wants notions of substitution and $\beta$-conversion for a particular kind of name, one has to give a definition (an "$\alpha$-structural" recursive definition [Pit06]). For example in FreshML, using the data type (1.1) for $\lambda$-terms one can give an appealingly simple declaration for a function $\mathit{subst} : \mathrm{term} \to \mathrm{atm} \to \mathrm{term} \to \mathrm{term}$ for capture-avoiding substitution; see [SPG03, p. 264]. Compositionality of the representation $t \mapsto \ulcorner t \urcorner$ given in the introduction then becomes the contextual equivalence
$$\vdash_w \ulcorner t_1[t_2/a] \urcorner \cong \mathit{subst}\ \ulcorner t_2 \urcorner\ a\ \ulcorner t_1 \urcorner : \mathrm{term} .$$
The CIU theorem (Theorem 4.4) provides the basis for proving such contextual equivalences. (We believe this particular equivalence is valid when $O = \{\mathit{eq}, \mathit{lt}\}$, but not when $O = \{\mathit{eq}, \mathit{card}\}$; see Section 7.)

6.2. Concrete Semantics. We have explored some of the consequences of adding integer-valued "observations on atoms" to FreshML over and above the usual test for equality. Such functions allow more efficient data structures to be used for algorithms involving atoms as keys. For example, binary search trees making use of the comparison function $\mathit{lt}$ from Figure 7 could be used instead of association lists. What about adding functions from numbers to atoms? An implementation of the language may well represent atoms by numbers, via some fixed enumeration of the set of atoms, $\alpha : \mathbb{N} \cong \mathbb{A}$. Can we give the programmer access to this bijection? Less radically, can we allow operations on atoms that make use of arithmetic properties of the underlying representation? Not without breaking the invariant $\mathrm{atom}(S, e) \subseteq \mathrm{atom}(\vec a)$ of configurations $\langle \vec a, S, e\rangle$, the property of our operational semantics that ensures that an atom's freshness with respect to the current state really does mean that it is different from all other atoms in the current context. For example, suppose we add to the language an operation $\mathit{suc} : \mathrm{atm} \to \mathrm{atm}$ whose meaning is "successor function on atoms", with transitions $\langle \vec a, S, \mathit{suc}\ a\rangle \to \langle \vec a, S, a'\rangle$ whenever $a = \alpha(n)$ and $a' = \alpha(n+1)$ for some $n \in \mathbb{N}$. Then it may well be the case that $a' \notin \mathrm{atom}(\vec a)$ even though $a \in \mathrm{atom}(\vec a)$. So exposing the numerical representation of atoms involves giving up the invariant properties of the abstract semantics we have used here. Perhaps a more interesting alternative to actually exposing numerical representations of atoms would be to prove contextual equivalence of efficient and naive implementations of the abstract semantics extended with types of finite maps on atoms.
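The state-dependent observations of Figure 7 and the $\mathit{suc}$ counterexample just described, together with the $\mathit{ord}$ witness of Example 5.11, as a small executable model added here (it is not code from the paper; the numeric return conventions of eq/lt/ord/card, the enumeration $\alpha(n) = n$, and the name `example_5_11_witness` are this model's assumptions). It checks each observation for equivariance and for affineness and shows that `suc` can return an atom outside the current state.

```python
"""Constructed model of the paper's state of created names and of observations on atoms.

A state is a tuple of distinct atoms in creation order (a_0 < a_1 < ...).  Atoms are
ints via the assumed enumeration alpha(n) = n.  Observations take the whole state plus
their atom arguments and return a natural number; the exact conventions below are
assumptions, chosen to match the informal descriptions in the text.
"""
from itertools import permutations


def fresh(state):
    """Create an atom not occurring in the state and append it (the paper's fresh())."""
    a = max(state, default=-1) + 1
    return state + (a,), a


def eq(state, a, b):
    """Atom equality; assumed convention: 0 (Zero) when equal, 1 otherwise."""
    return 0 if a == b else 1


def lt(state, a, b):
    """Comparison; assumed convention: 0 when a was created before b in the state."""
    return 0 if state.index(a) < state.index(b) else 1


def ord_(state, a):
    """Position of a in the current state (non-affine: shifts if atoms were created before a)."""
    return state.index(a)


def card(state):
    """Number of atoms created so far."""
    return len(state)


def suc(state, a):
    """Successor 'on atoms' via the numeric representation: alpha(n) -> alpha(n+1)."""
    return a + 1


def apply_perm(pi, state, args):
    """Act with a finite permutation pi (a dict) on a state and on an argument tuple."""
    return tuple(pi.get(x, x) for x in state), tuple(pi.get(x, x) for x in args)


def is_equivariant(obs, state, args):
    """obs(pi.state, pi.args) == obs(state, args) for every permutation pi of the atoms in play."""
    atoms = sorted(set(state) | set(args))
    base = obs(state, *args)
    for image in permutations(atoms):
        pi = dict(zip(atoms, image))
        s2, a2 = apply_perm(pi, state, args)
        if obs(s2, *a2) != base:
            return False
    return True


def is_affine(obs, state, args, n_extra=3):
    """Affine: the value is unchanged if extra atoms had been created *before* those in the state."""
    base = obs(state, *args)
    for k in range(1, n_extra + 1):
        extra = tuple(range(-k, 0))  # atoms that do not occur in the state
        if obs(extra + state, *args) != base:
            return False
    return True


def invariant_holds(state, result_atoms):
    """Well-formedness of a configuration: every atom in the expression occurs in the state."""
    return set(result_atoms) <= set(state)


def example_5_11_witness(a, a_prime):
    """In the state [a', a] of Example 5.11, 'ord a' is Succ (nonzero) while 'ord a'' is Zero."""
    state = (a_prime, a)
    return ord_(state, a), ord_(state, a_prime)


if __name__ == "__main__":
    st, _ = fresh(fresh(fresh(()))[0])  # constructed state (0, 1, 2)
    for name, obs, args in [("eq", eq, (1, 2)), ("lt", lt, (1, 2)), ("ord", ord_, (2,)), ("card", card, ())]:
        print(name, "equivariant:", is_equivariant(obs, st, args), "affine:", is_affine(obs, st, args))
    print("suc equivariant:", is_equivariant(suc, st, (2,)), "keeps invariant:", invariant_holds(st, [suc(st, 2)]))
```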
Such abstract types form an addition to the signature in Figure 1 different from the kind we have considered here, but certainly one worthy of investigation.

6.3. Mechanising Meta-Theory. The techniques we used here to prove the Correctness of Representation property are operationally based, in contrast to the denotational techniques used in [Shi05a, SP05b]. The advantage of working directly with the syntax and operational semantics of the language is that there are lower mathematical "overheads": various kinds of induction being the main techniques involved. The disadvantage is that to deploy such inductive techniques often involves great ingenuity choosing inductive hypotheses and much error prone tedium checking induction steps. Furthermore, with these methods it seems harder to predict the effect that a slight change in language or formalisation may have on a proof. Although ingenuity in choosing inductive hypotheses may always be the preserve of humans, machine assistance of the kind envisaged by the "POPLmark challenge" [ABF+05] seems a very good idea for the other aspects of the operationally based approach. The main results presented here are still a challenging target for fully formalised and machine checked proofs. We have taken some care with the formalisation (using a "relational" approach to contextual equivalence, for example); but results concerning coinductive equivalences, like the CIU theorem (Theorem 4.4), are quite complex logically speaking, compared with the kind of type safety results (like Theorem 2.4) that POPLmark has focused on so far. Systems like Isabelle/HOL [NPW02] that develop proofs in full classical higher order logic seem appropriate to the task, in principle. But there is a gap between what is possible in principle for an expert of any particular system and what is currently practicable for a casual user. Urban and Berghofer [UB06] are developing a Nominal Data Type Package for Isabelle/HOL that may be very useful for narrowing this gap. The fact that FreshML and the Urban-Berghofer package both have to do with the same mathematical universe of "nominal sets" [Pit06] is perhaps slightly confusing: their Nominal Data Type Package is useful for fully formalising proofs about names and name-binding in operational semantics whether or not those proofs have to do with the particular mechanism of generative unbinding that is the focus of this paper.

7. Conclusion

The FreshML [SPG03, Shi05b] approach to functional programming with binders combines abstract types for names and name binding with an unbinding operation that involves generation of fresh names. In this paper we have studied some theoretical properties of this design to do with data correctness. We showed that the addition of integer valued observations on names does not break FreshML's fundamental Correctness of Representation property that $\alpha$-equivalence classes of abstract syntax trees (for any nominal signature) coincide with contextual equivalence classes of user declared data values. In particular, it is possible to give programmers access to a linear order on names without breaking the "up to $\alpha$-equivalence" representation of syntax. The simple insight behind this possibly surprising result has to do with the fact that FreshML is impure: program execution mutates the state of dynamically created names. If the state is taken into account when giving the meaning of observations on names, then the permutation invariance properties that underlie the correctness property can be retained.

The original version of FreshML [PG00] was pure by dint of the "freshness inference" included in its type system. Subsequent experience with the language showed that the form of freshness inference that was used there was overly restrictive from a programming point of view. So freshness inference was dropped in [SPG03]. However, Pottier [Pot07] has recently regained purity in a FreshML-like language through the use of user-provided assertions. We have not investigated whether results like those presented in this paper also apply to Pottier's language.

This paper has been concerned with data correctness, but what about general results on program correctness? The only restriction we placed on observations on atoms is that, as functions of both the state and the names they operate upon, they should be invariant under permuting names. We have seen that the Correctness of Representation property (Theorem 5.3) remains valid in the presence of any such observation. However, we are certainly not advocating that arbitrary equivariant observations be added to FreshML. This is because some forms of observation may radically affect the general programming laws that contextual equivalence satisfies. We saw one example of this here: only for "affine" observations (which are insensitive to how many names have been created before the arguments to which they are applied) were we able to combine Propositions 5.7 and 5.10 to get an "extensionality" result explaining contextual equivalence at type $\tau\,\mathrm{bnd}$ in terms of contextual equivalence at $\tau$, for arbitrary higher types $\tau$. More investigation of program correctness properties in the presence of particular observations on atoms is needed before one can advocate adding them to the FreshML design. The techniques we used in this paper could form the basis for such an investigation.
They combine the usual engine of structural operational semantics, namely syntax-directed, rule based induction, with the approach to freshness of names based on name permutations that was introduced in [GP01] and developed in [Pit03, UN05, Pit06].

Acknowledgement. The authors are grateful for the suggestions for improvement made by the anonymous referees.

References

[ABF+05] B. E. Aydemir, A. Bohannon, M. Fairbairn, J. N. Foster, B. C. Pierce, P. Sewell, D. Vytiniotis, G. Washburn, S. Weirich, and S. Zdancewic. Mechanised metatheory for the masses: The POPLmark challenge. In J. Hurd and T. Melham, editors, 18th International Conference on Theorem Proving in Higher Order Logics: TPHOLs 2005, volume 3603 of Lecture Notes in Computer Science, pages 50–65. Springer-Verlag, 2005. www.cis.upenn.edu/group/proj/plclub/mmm/.
[BL05] P. N. Benton and X. Leroy, editors. ACM SIGPLAN Workshop on ML (ML 2005), Tallinn, Estonia, Electronic Notes in Theoretical Computer Science. Elsevier, September 2005.
[Che05] J. Cheney. Scrap your nameplate (functional pearl). In Tenth ACM SIGPLAN International Conference on Functional Programming (ICFP'05), Tallinn, Estonia, pages 180–191. ACM Press, September 2005.
[FH92] M. Felleisen and R. Hieb. The revised report on the syntactic theories of sequential control and state. Theoretical Computer Science, 103:235–271, 1992.
[FSDF93] C. Flanagan, A. Sabry, B. F. Duba, and M. Felleisen. The essence of compiling with continuations. In Proceedings ACM SIGPLAN Conference on Programming Language Design and Implementation, PLDI'93, Albuquerque, NM, USA, pages 237–247. ACM Press, June 1993.
[Gor98] A. D. Gordon. Operational equivalences for untyped and polymorphic object calculi. In Gordon and Pitts [GP98], pages 9–54.
[GP98] A. D. Gordon and A. M. Pitts, editors. Higher Order Operational Techniques in Semantics. Publications of the Newton Institute. Cambridge University Press, 1998.
[GP01] M. J. Gabbay and A. M. Pitts. A new approach to abstract syntax with variable binding. Formal Aspects of Computing, 13:341–363, 2001.
[Gun92] C. A. Gunter. Semantics of Programming Languages: Structures and Techniques. Foundations of Computing. MIT Press, 1992.
[How96] D. J. Howe. Proving congruence of bisimulation in functional programming languages. Information and Computation, 124(2):103–112, 1996.
[Las98] S. B. Lassen. Relational reasoning about contexts. In Gordon and Pitts [GP98], pages 91–135.
[MT91] I. A. Mason and C. L. Talcott. Equivalence in functional languages with effects. Journal of Functional Programming, 1:287–327, 1991.
[MTHM97] R. Milner, M. Tofte, R. Harper, and D. MacQueen. The Definition of Standard ML (Revised). MIT Press, 1997.
[NPW02] T. Nipkow, L. C. Paulson, and M. Wenzel. Isabelle/HOL: A Proof Assistant for Higher-Order Logic, volume 2283 of Lecture Notes in Computer Science. Springer-Verlag, 2002.
[Pfe01] F. Pfenning. Logical frameworks. In A. Robinson and A. Voronkov, editors, Handbook of Automated Reasoning, chapter 17, pages 1063–1147. Elsevier Science and MIT Press, 2001.
[PG00] A. M. Pitts and M. J. Gabbay. A metalanguage for programming with bound names modulo renaming. In R. Backhouse and J. N. Oliveira, editors, Mathematics of Program Construction. 5th International Conference, MPC2000, Ponte de Lima, Portugal, July 2000. Proceedings, volume 1837 of Lecture Notes in Computer Science, pages 230–255. Springer-Verlag, Heidelberg, 2000.
[Pit02] A. M. Pitts. Operational semantics and program equivalence. In G. Barthe, P. Dybjer, and J. Saraiva, editors, Applied Semantics, Advanced Lectures, volume 2395 of Lecture Notes in Computer Science, Tutorial, pages 378–412. Springer-Verlag, 2002. International Summer School, APPSEM 2000, Caminha, Portugal, September 9–15, 2000.
[Pit03] A. M. Pitts. Nominal logic, a first order theory of names and binding. Information and Computation, 186:165–193, 2003.
[Pit05] A. M. Pitts. Typed operational reasoning. In B. C. Pierce, editor, Advanced Topics in Types and Programming Languages, chapter 7, pages 245–289. The MIT Press, 2005.
[Pit06] A. M. Pitts. Alpha-structural recursion and induction. Journal of the ACM, 53(3):459–506, 2006.
[Pot05] F. Pottier. An overview of Cαml. In Benton and Leroy [BL05], pages 27–52.
[Pot07] F. Pottier. Static name control for FreshML. In Twenty-Second Annual IEEE Symposium on Logic In Computer Science (LICS'07), pages 356–365, Wroclaw, Poland, July 2007. IEEE Computer Society Press.
[PS07] A. M. Pitts and M. R. Shinwell. Generative unbinding of names. In 34th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL 2007), Nice, France, pages 85–95. ACM Press, January 2007.
[Shi05a] M. R. Shinwell. The Fresh Approach: Functional Programming with Names and Binders. PhD thesis, University of Cambridge Computer Laboratory, 2005. Available as University of Cambridge Computer Laboratory Technical Report UCAM-CL-TR-618.
[Shi05b] M. R. Shinwell. Fresh O'Caml: Nominal abstract syntax for the masses. In Benton and Leroy [BL05], pages 53–76.
[SP05a] M. R. Shinwell and A. M. Pitts. Fresh Objective Caml user manual. Technical Report UCAM-CL-TR-621, University of Cambridge Computer Laboratory, February 2005.
[SP05b] M. R. Shinwell and A. M. Pitts. On a monadic semantics for freshness. Theoretical Computer Science, 342:28–55, 2005.
[SPG03] M. R. Shinwell, A. M. Pitts, and M. J. Gabbay. FreshML: Programming with binders made simple. In Eighth ACM SIGPLAN International Conference on Functional Programming (ICFP 2003), Uppsala, Sweden, pages 263–274. ACM Press, August 2003.
[UB06] C. Urban and S. Berghofer. A recursion combinator for nominal datatypes implemented in Isabelle/HOL. In 3rd International Joint Conference on Automated Reasoning (IJCAR 2006), Seattle, USA, volume 4130 of Lecture Notes in Computer Science, pages 498–512. Springer-Verlag, 2006.
[UN05] C. Urban and M. Norrish. A formal treatment of the Barendregt Variable Convention in rule inductions. In Proceedings of the 3rd ACM SIGPLAN Workshop on Mechanized Reasoning about Languages with Variable Binding (MERLIN '05), Tallinn, Estonia, pages 25–32. ACM Press, 2005.
[UPG04] C. Urban, A. M. Pitts, and M. J. Gabbay. Nominal unification. Theoretical Computer Science, 323:473–497, 2004.

Appendix A. Proof of Theorem 4.4

We wish to show that the expression relation $\cong^\circ$ of Definition 4.3 is compatible and substitutive (see Definition 4.2). We use an adaptation of "Howe's method" [How96] to do so. Let the expression relation $\cong^*$ be inductively defined from $\cong^\circ$ by the rule
$$\frac{\Gamma \vdash_w e \mathrel{\widehat{\cong^*}} e' : \tau \qquad \Gamma \vdash_w e' \cong^\circ e'' : \tau}{\Gamma \vdash_w e \cong^* e'' : \tau} \quad (A.1)$$
In making this inductive definition, we are implicitly relying upon the easily proved fact that compatible refinement, $E \mapsto \widehat{E}$, is a monotone operation on expression relations, that is, $E_1 \subseteq E_2 \Rightarrow \widehat{E_1} \subseteq \widehat{E_2}$.

Lemma A.1.
(i) $\Gamma \vdash_w e \cong^* e' : \tau \ \wedge\ \Gamma \vdash_w e' \cong^\circ e'' : \tau \ \Rightarrow\ \Gamma \vdash_w e \cong^* e'' : \tau$.
(ii) $\cong^*$ is compatible and substitutive.
(iii) $\mathrm{atom}(e) \subseteq w \ \wedge\ \Gamma \vdash e : \tau \ \Rightarrow\ \Gamma \vdash_w e \cong^* e : \tau$.
(iv) $\mathrm{atom}(S) \subseteq w \ \wedge\ \Gamma \vdash S : \tau \to \tau' \ \Rightarrow\ \Gamma \vdash_w S \mathrel{\widehat{\cong^*}} S : \tau \to \tau'$.
(v) $\Gamma \vdash_w v \cong^* e' : \tau \ \Rightarrow\ \exists v'.\ \Gamma \vdash_w v \cong^* v' : \tau \ \wedge\ \Gamma \vdash_w v' \cong^\circ e' : \tau$.

Proof.
These properties of $\cong^*$ are simple consequences of its definition and the definition of the extension of compatible refinement to a relation between frame stacks given by the last two rules in Figure 8. □

Lemma A.2.
(i) $\cong^*$ is equivariant.
(ii) $\Gamma \vdash_w e \cong^* e' : \tau \ \wedge\ w \subseteq w' \ \Rightarrow\ \Gamma \vdash_{w'} e \cong^* e' : \tau$.
(iii) $\Gamma \vdash_w S \mathrel{\widehat{\cong^*}} S' : \tau \to \tau' \ \wedge\ w \subseteq w' \ \Rightarrow\ \Gamma \vdash_{w'} S \mathrel{\widehat{\cong^*}} S' : \tau \to \tau'$.

Proof. Part (i) follows from the fact that $\cong^\circ$ is equivariant, which in turn is a consequence of Lemma 3.2. Parts (ii) and (iii) are consequences of the fact that world weakening is built in to the definition of operational equivalence in Definition 4.1. □

Lemma A.3. $\Gamma \vdash_w e \cong^\circ e' : \tau \ \Rightarrow\ \Gamma \vdash_w e \cong^* e' : \tau$.

Proof. If $\Gamma \vdash_w e \cong^\circ e' : \tau$, then in particular $\mathrm{atom}(e) \subseteq w$ and $\Gamma \vdash e : \tau$, so that by Lemma A.1(iii) we have $\Gamma \vdash_w e \cong^* e : \tau$; so from part (i) of that lemma we get $\Gamma \vdash_w e \cong^* e' : \tau$. □

We wish to show that $\cong^*$ coincides with $\cong^\circ$. In view of the previous lemma, it just remains to show that $\cong^* \subseteq \cong^\circ$. Lemma A.5 provides the key to this. Before stating that lemma we give some simple properties of $\cong$ that are needed to prove it.

Lemma A.4.
(i) $\vdash_w a \cong a' : \mathrm{atm} \ \Rightarrow\ a = a'$.
(ii) $\vdash_w v \cong v' : \tau\,\mathrm{bnd} \ \Rightarrow\ \vdash_w \mathrm{unbind}\ v \cong \mathrm{unbind}\ v' : \mathrm{atm} * \tau$.
(iii) If $\vdash_w v \cong v' : \tau_1 \to \tau_2$, then for any world $w' \supseteq w$ and value $v_1$ with $\mathrm{atom}(v_1) \subseteq w'$ and $\vdash v_1 : \tau_1$, it is the case that $\vdash_{w'} v\,v_1 \cong v'\,v_1 : \tau_2$.

Proof. For part (i) we make use of the fact that $O$ always contains the atom equality function $\mathit{eq}$ from Figure 7. Consider the frame stack
$$S_a \triangleq \mathrm{Id} \circ (x.\ \mathrm{let}\ y = \mathit{eq}\ x\ a\ \mathrm{in}\ \mathrm{match}\ y\ \mathrm{with}\ (\mathrm{Zero} \to ()\ |\ \mathrm{Succ}\ z \to \mathrm{diverge})) .$$
If $a \neq a'$ are distinct elements of $w$, then choosing some $\vec a \in \mathrm{State}$ with $\mathrm{atom}(\vec a) = w$, it is not hard to see that $\langle \vec a, S_a, a\rangle\downarrow$ holds whereas $\langle \vec a, S_a, a'\rangle\downarrow$ does not hold. So if $\vdash_w a \cong a' : \mathrm{atm}$ it cannot be the case that $a \neq a'$. For part (ii), given any $\vec a$, $S$ and $\tau'$ with $w \cup \mathrm{atom}(S) \subseteq \mathrm{atom}(\vec a)$ and $\emptyset \vdash S : \tau \to \tau'$, then
$$\langle \vec a, S, \mathrm{unbind}\ v\rangle\downarrow \iff \langle \vec a, S \circ (x.\ \mathrm{unbind}\ x), v\rangle\downarrow \quad \text{by definition of } \downarrow$$
$$\iff \langle \vec a, S \circ (x.\ \mathrm{unbind}\ x), v'\rangle\downarrow \quad \text{since } \vdash_w v \cong v' : \tau\,\mathrm{bnd}$$
$$\iff \langle \vec a, S, \mathrm{unbind}\ v'\rangle\downarrow \quad \text{by definition of } \downarrow$$
and thus $\vdash_w \mathrm{unbind}\ v \cong \mathrm{unbind}\ v' : \mathrm{atm} * \tau$. The proof of part (iii) is similar to that for (ii), using the frame $(x.\ x\ v_1)$ in place of $(x.\ \mathrm{unbind}\ x)$. □

Lemma A.5. For all $n \ge 0$ and all $w, S, S', \tau, \tau', e, e', \vec a$
$$\emptyset \vdash_w S \mathrel{\widehat{\cong^*}} S' : \tau \to \tau' \ \wedge\ \emptyset \vdash_w e \cong^* e' : \tau \ \wedge\ \mathrm{atom}(\vec a) = w \ \wedge\ \langle \vec a, S, e\rangle\downarrow_n \ \Rightarrow\ \langle \vec a, S', e'\rangle\downarrow . \quad (A.2)$$

Proof. The lemma is proved by induction on $n$. The base case $n = 0$ follows from the definition of $\widehat{-}$ (which implies that $\emptyset \vdash_w \mathrm{Id} \mathrel{\widehat{\cong^*}} S' : \tau \to \tau'$ can only hold when $S' = \mathrm{Id}$), combined with Lemma A.1(v) and the definition of $\cong^\circ$. For the induction step, assume (A.2) holds and that
$$\emptyset \vdash_w S \mathrel{\widehat{\cong^*}} S' : \tau \to \tau' \quad (A.3)$$
$$\emptyset \vdash_w e \cong^* e' : \tau \quad (A.4)$$
$$\mathrm{atom}(\vec a) = w \quad (A.5)$$
$$\langle \vec a, S, e\rangle \to \langle \vec a_1, S_1, e_1\rangle \quad (A.6)$$
$$\langle \vec a_1, S_1, e_1\rangle\downarrow_n \quad (A.7)$$
We have to prove $\langle \vec a, S', e'\rangle\downarrow$ and do so by an analysis of (A.6) against the possible cases 1–9 in the definition of the transition relation in Figure 5.

Case 1. In this case $S = S_1 \circ (x.\ e_2)$, $e = v \in \mathrm{Val}$, $\vec a_1 = \vec a$, and $e_1 = e_2[v/x]$, for some $e_2$ and $v$. For (A.3) to hold, by definition of $\widehat{\cong^*}$ it must be the case that $S' = S'_1 \circ (x.\ e'_2)$ for some $S'_1$ and $e'_2$ with
$$\{x : \tau\} \vdash_w e_2 \cong^* e'_2 : \tau_2 \quad (A.8)$$
$$\emptyset \vdash_w S_1 \mathrel{\widehat{\cong^*}} S'_1 : \tau_2 \to \tau' \quad (A.9)$$
for some type $\tau_2$. Since $e = v$ is a value, applying Lemma A.1(v) to (A.4) we get
$$\emptyset \vdash_w v \cong^* v' : \tau \quad (A.10)$$
$$\vdash_w v' \cong e' : \tau \quad (A.11)$$
for some $v' \in \mathrm{Val}$. Since $\cong^*$ is substitutive (Lemma A.1(ii)), from (A.8) and (A.10) we get
$$\emptyset \vdash_w e_2[v/x] \cong^* e'_2[v'/x] : \tau_2 . \quad (A.12)$$
Applying the induction hypothesis (A.2) to (A.9), (A.12), (A.5) and to (A.7), we get $\langle \vec a, S'_1, e'_2[v'/x]\rangle\downarrow$; hence $\langle \vec a, S'_1 \circ (x.\ e'_2), v'\rangle\downarrow$, that is, $\langle \vec a, S', v'\rangle\downarrow$; and therefore by (A.11) we also have $\langle \vec a, S', e'\rangle\downarrow$, as required.

Case 2. In this case we have $e = \mathrm{let}\ x = e_1\ \mathrm{in}\ e_2$, $\vec a_1 = \vec a$ and $S_1 = S \circ (x.\ e_2)$ for some $e_2$. Since (A.4) holds, by definition of $\cong^*$, there must exist some $e'_1$, $e'_2$ and $\tau_1$ with
$$\emptyset \vdash_w e_1 \cong^* e'_1 : \tau_1 \quad (A.13)$$
$$\{x : \tau_1\} \vdash_w e_2 \cong^* e'_2 : \tau \quad (A.14)$$
$$\vdash_w (\mathrm{let}\ x = e'_1\ \mathrm{in}\ e'_2) \cong e' : \tau \quad (A.15)$$
and then from (A.3) and (A.14) we get
$$\emptyset \vdash_w S \circ (x.\ e_2) \mathrel{\widehat{\cong^*}} S' \circ (x.\ e'_2) : \tau_1 \to \tau' . \quad (A.16)$$
The induction hypothesis (A.2) applied to (A.16), (A.13) and (A.5) gives $\langle \vec a, S' \circ (x.\ e'_2), e'_1\rangle\downarrow$ and hence $\langle \vec a, S', \mathrm{let}\ x = e'_1\ \mathrm{in}\ e'_2\rangle\downarrow$. This and (A.15) then give $\langle \vec a, S', e'\rangle\downarrow$, as required.

Case 3. This follows from the definition of $\cong^*$ using its substitutivity property, much as for case 1.

Case 4. In this case $\tau = \tau_1 * \tau_2$, $e = (v_1, v_2)$, $\vec a_1 = \vec a$ and $e_1 = v_1$, for some $\tau_1, \tau_2 \in \mathrm{Typ}$ and $v_1, v_2 \in \mathrm{Val}$. By definition of $\widehat{\cong^*}$, for (A.4) to hold it must be the case that
$$\emptyset \vdash_w v_i \cong^* v'_i : \tau_i \quad (\text{for } i = 1, 2) \quad (A.17)$$
$$\vdash_w (v'_1, v'_2) \cong e' : \tau_1 * \tau_2 \quad (A.18)$$
for some $v'_1$ and $v'_2$. By the induction hypothesis (A.2) applied to (A.3), (A.17), (A.5) and (A.7), we get $\langle \vec a, S', v'_1\rangle\downarrow$ and hence also $\langle \vec a, S', \mathrm{fst}(v'_1, v'_2)\rangle\downarrow$. Hence by (A.18) we have $\langle \vec a, S', e'\rangle\downarrow$, as required.

Case 5. This is similar to the previous case.

Case 6. In this case $e = v_1\,v_2$, $\vec a_1 = \vec a$, $S_1 = S$ and $e_1 = e_2[v_1, v_2/f, x]$ for some $v_1 = \mathrm{fun}(f\,x = e_2)$ and $v_2$. Since (A.4) holds, by definition of $\cong^*$ together with Lemma A.4(iii), there must exist some $e'_2$, $v'_2$ and $\tau_1$ with
$$\{f : \tau_1 \to \tau, x : \tau_1\} \vdash_w e_2 \cong^* e'_2 : \tau \quad (A.19)$$
$$\emptyset \vdash_w v_2 \cong^* v'_2 : \tau_1 \quad (A.20)$$
$$\vdash_w \mathrm{fun}(f\,x = e'_2)\,v'_2 \cong e' : \tau_1 \to \tau . \quad (A.21)$$
Since $\cong^*$ is compatible (Lemma A.1(ii)), from (A.19) we get $\emptyset \vdash_w v_1 \cong^* \mathrm{fun}(f\,x = e'_2) : \tau_1 \to \tau$; and since $\cong^*$ is also substitutive, this together with (A.19) and (A.20) gives
$$\emptyset \vdash_w e_2[v_1, v_2/f, x] \cong^* e'_2[\mathrm{fun}(f\,x = e'_2), v'_2/f, x] : \tau .$$
Therefore by the induction hypothesis (A.2) applied to (A.3), this, (A.5) and (A.7), we get $\langle \vec a, S', e'_2[\mathrm{fun}(f\,x = e'_2), v'_2/f, x]\rangle\downarrow$. Hence $\langle \vec a, S', \mathrm{fun}(f\,x = e'_2)\,v'_2\rangle\downarrow$ and thus by (A.21), $\langle \vec a, S', e'\rangle\downarrow$ as required.

Case 7. In this case $\tau = \mathrm{atm}$, $e = \mathrm{fresh}()$, $\vec a_1 = \vec a < a$, $S_1 = S$ and $e_1 = a$, for some $a \notin \mathrm{atom}(\vec a) = w$. Since (A.4) holds, by definition of $\cong^*$ we have
$$\vdash_w \mathrm{fresh}() \cong e' : \mathrm{atm} . \quad (A.22)$$
By Lemma A.2(iii) applied to (A.3), we have $\emptyset \vdash_{w \cup \{a\}} S \mathrel{\widehat{\cong^*}} S' : \mathrm{atm} \to \tau'$; and by Lemma A.1(iii) we also have $\emptyset \vdash_{w \cup \{a\}} a \cong^* a : \mathrm{atm}$. So by the induction hypothesis (A.2) applied to these, $\mathrm{atom}(\vec a < a) = w \cup \{a\}$ and (A.7), we get $\langle \vec a < a, S', a\rangle\downarrow$. Hence $\langle \vec a, S', \mathrm{fresh}()\rangle\downarrow$ and hence from (A.22) we also have $\langle \vec a, S', e'\rangle\downarrow$, as required.

Case 8. In this case $\tau = \mathrm{atm} * \tau_1$, $e = \mathrm{unbind}\ «a»v$, $\vec a_1 = \vec a < a_1$, $S_1 = S$, and $e_1 = (a_1, v\{a_1/a\})$, for some $\tau_1$, $a$, $v$ and $a_1$ with $a_1 \notin \mathrm{atom}(\vec a) = w$. Since (A.4) holds, by definition of $\cong^*$ together with parts (i) and (ii) of Lemma A.4, there must exist some $v'$ with
$$\emptyset \vdash_w v \cong^* v' : \tau_1 \quad (A.23)$$
$$\vdash_w \mathrm{unbind}\ «a»v' \cong e' : \mathrm{atm} * \tau_1 . \quad (A.24)$$
We now appeal to the easily verified fact that since $a_1 \notin w \supseteq \mathrm{atom}(v, v')$, the renamed values $v\{a_1/a\}$ and $v'\{a_1/a\}$ are respectively equal to the permuted values $(a\ a_1) \cdot v$ and $(a\ a_1) \cdot v'$ (where $(a\ a_1)$ denotes the permutation swapping $a$ and $a_1$). Therefore by parts (i) and (ii) of Lemma A.2 applied to (A.23) and by parts (ii) and (iii) of Lemma A.1, we have
$$\emptyset \vdash_{w \cup \{a_1\}} (a_1, v\{a_1/a\}) \cong^* (a_1, v'\{a_1/a\}) : \mathrm{atm} * \tau_1 . \quad (A.25)$$
By applying Lemma A.2(iii) to (A.3) we also have $\emptyset \vdash_{w \cup \{a_1\}} S \mathrel{\widehat{\cong^*}} S' : \mathrm{atm} * \tau_1 \to \tau'$. Then applying the induction hypothesis (A.2) to this, (A.25), $\mathrm{atom}(\vec a < a_1) = w \cup \{a_1\}$ and (A.7) yields $\langle \vec a < a_1, S', (a_1, v'\{a_1/a\})\rangle\downarrow$. Therefore $\langle \vec a, S', \mathrm{unbind}\ «a»v'\rangle\downarrow$; and hence by (A.24), we also have $\langle \vec a, S', e'\rangle\downarrow$, as required.

Case 9. In this case $\tau = \mathrm{nat}$, $e = \mathit{obs}\ a_1 \dots a_k$ for some $a_1, \dots, a_k \in w$, $\vec a_1 = \vec a$, $S_1 = S$, and $e_1 = \ulcorner m \urcorner$ where $m = [\![\mathit{obs}]\!]_{\vec a}(a_1, \dots, a_k)$. Since (A.4) holds, by definition of $\cong^*$ together with Lemma A.4(i), we must have
$$\vdash_w \mathit{obs}\ a_1 \dots a_k \cong e' : \mathrm{nat} . \quad (A.26)$$
Note that by Lemma A.1(iii) we also have $\emptyset \vdash_w \ulcorner m \urcorner \cong^* \ulcorner m \urcorner : \mathrm{nat}$. So by the induction hypothesis (A.2) applied to this, (A.3), (A.5) and (A.7) we get $\langle \vec a, S', \ulcorner m \urcorner\rangle\downarrow$. Since $m = [\![\mathit{obs}]\!]_{\vec a}(a_1, \dots, a_k)$, this implies that $\langle \vec a, S', \mathit{obs}\ a_1 \dots a_k\rangle\downarrow$; and hence from (A.26) we have that $\langle \vec a, S', e'\rangle\downarrow$ holds, as required.

This completes the proof of Lemma A.5. □

Lemma A.6. Let $(\cong^*)^+$ denote the transitive closure of $\cong^*$. Then $\Gamma \vdash_w e \cong^* e' : \tau \ \Rightarrow\ \Gamma \vdash_w e' \mathrel{(\cong^*)^+} e : \tau$.

Proof.
This can be proved by induction on the derivation of $\Gamma \vdash_w e \cong^* e' : \tau$ from the rule in (A.1) and the rules for compatible refinement in Figure 8, using the fact that $\cong^\circ$ is symmetric and using Lemmas A.3 and A.1(iii). □

We can now complete the proof of Theorem 4.4 by showing that $\cong^\circ$ is compatible and substitutive (Definition 4.2). Since $\cong^*$ has those properties by Lemma A.1(ii), it suffices to show that $\cong^\circ$ coincides with $\cong^*$. We already noted in Lemma A.3 that $\cong^\circ$ is contained in $\cong^*$. For the reverse inclusion, since $\cong^*$ is substitutive and reflexive (Lemma A.1), it is closed under substituting values for variables; so by Definition 4.3, it suffices to show that
$$\emptyset \vdash_w e \cong^* e' : \tau \ \Rightarrow\ \vdash_w e \cong e' : \tau . \quad (A.27)$$
To see this, note that by Lemma A.5 (together with Lemmas A.1(iv) and A.2(ii)) we have:
$$\emptyset \vdash_w e \cong^* e' : \tau \ \Rightarrow\ \forall \vec a, S, \tau'.\ w \cup \mathrm{atom}(S) \subseteq \mathrm{atom}(\vec a) \ \wedge\ \emptyset \vdash S : \tau \to \tau' \ \wedge\ \langle \vec a, S, e\rangle\downarrow \ \Rightarrow\ \langle \vec a, S, e'\rangle\downarrow . \quad (A.28)$$
Since the right-hand side of the implication in (A.28) is a transitive relation between expressions $e, e'$, we also have
$$\emptyset \vdash_w e \mathrel{(\cong^*)^+} e' : \tau \ \Rightarrow\ \forall \vec a, S, \tau'.\ w \cup \mathrm{atom}(S) \subseteq \mathrm{atom}(\vec a) \ \wedge\ \emptyset \vdash S : \tau \to \tau' \ \wedge\ \langle \vec a, S, e\rangle\downarrow \ \Rightarrow\ \langle \vec a, S, e'\rangle\downarrow$$
and therefore Lemma A.6 gives
$$\emptyset \vdash_w e \cong^* e' : \tau \ \Rightarrow\ \forall \vec a, S, \tau'.\ w \cup \mathrm{atom}(S) \subseteq \mathrm{atom}(\vec a) \ \wedge\ \emptyset \vdash S : \tau \to \tau' \ \wedge\ \langle \vec a, S, e'\rangle\downarrow \ \Rightarrow\ \langle \vec a, S, e\rangle\downarrow . \quad (A.29)$$
Combining (A.28) and (A.29) gives (A.27).

Appendix B. Proof of Proposition 5.7

Let $E$ be the closure under compatible refinement (Figure 8) of the pairs of closed atom binding values that we wish to show are operationally equivalent. In other words $E$ is the expression relation inductively defined by the following two rules.
$$\frac{a'' \notin w \subseteq \mathrm{atom}(a, v, a', v') \qquad \vdash_{w \cup \{a''\}} v\{a''/a\} \cong v'\{a''/a'\} : \tau}{\emptyset \vdash_w «a»v \mathrel{E} «a'»v' : \tau\,\mathrm{bnd}} \qquad\qquad \frac{\Gamma \vdash_w e \mathrel{\widehat{E}} e' : \tau}{\Gamma \vdash_w e \mathrel{E} e' : \tau} \quad (B.1)$$

Lemma B.1.
(i) $E$ is compatible and substitutive.
(ii) $\mathrm{atom}(e) \subseteq w \ \wedge\ \Gamma \vdash e : \tau \ \Rightarrow\ \Gamma \vdash_w e \mathrel{E} e : \tau$.
(iii) $\mathrm{atom}(S) \subseteq w \ \wedge\ \Gamma \vdash S : \tau \to \tau' \ \Rightarrow\ \Gamma \vdash_w S \mathrel{\widehat{E}} S : \tau \to \tau'$.
(iv) $\Gamma \vdash_w v \mathrel{E} e' : \tau \ \Rightarrow\ e' \in \mathrm{Val}$.

Proof. These properties of $E$ are simple consequences of its definition in (B.1), the definition of compatible refinement in Figure 8, and the definition of its extension to a relation between frame stacks given by the last two rules in that figure. □

Lemma B.2.
(i) $E$ is equivariant.
(ii) $\Gamma \vdash_w e \mathrel{E} e' : \tau \ \wedge\ w \subseteq w' \ \Rightarrow\ \Gamma \vdash_{w'} e \mathrel{E} e' : \tau$.
(iii) $\Gamma \vdash_w S \mathrel{\widehat{E}} S' : \tau \to \tau' \ \wedge\ w \subseteq w' \ \Rightarrow\ \Gamma \vdash_{w'} S \mathrel{\widehat{E}} S' : \tau \to \tau'$.

Proof. This is the analogue of Lemma A.2 for $E$, and is proved in the same way as that lemma. □

Lemma B.3. For all $n \ge 0$ and all $w, S, S', \tau, \tau', e, e', \vec a$
$$\emptyset \vdash_w S \mathrel{\widehat{E}} S' : \tau \to \tau' \ \wedge\ \emptyset \vdash_w e \mathrel{E} e' : \tau \ \wedge\ \mathrm{atom}(\vec a) = w \ \wedge\ \langle \vec a, S, e\rangle\downarrow_n \ \Rightarrow\ \langle \vec a, S', e'\rangle\downarrow . \quad (B.2)$$

Proof. The lemma is proved by induction on $n$. The base case $n = 0$ follows directly from Lemma B.1(iii) and the definition of $\widehat{E}$ (which implies that $\emptyset \vdash_w \mathrm{Id} \mathrel{\widehat{E}} S' : \tau \to \tau'$ can only hold when $S' = \mathrm{Id}$). For the induction step, assume (B.2) holds and that
$$\emptyset \vdash_w S \mathrel{\widehat{E}} S' : \tau \to \tau' \quad (B.3)$$
$$\emptyset \vdash_w e \mathrel{E} e' : \tau \quad (B.4)$$
$$\mathrm{atom}(\vec a) = w \quad (B.5)$$
$$\langle \vec a, S, e\rangle \to \langle \vec a_1, S_1, e_1\rangle \quad (B.6)$$
$$\langle \vec a_1, S_1, e_1\rangle\downarrow_n \quad (B.7)$$
We have to prove $\langle \vec a, S', e'\rangle\downarrow$ and do so by an analysis of (B.6) against the possible cases 1–9 in the definition of the transition relation in Figure 5. Cases 1, 3 and 6 follow from the definition of $E$ and its substitutivity property; we give the details for the first one and omit the other two. Cases 4, 5 and 9 also follow easily from the definition of $E$ (using Lemma B.1(ii) in the third case). So we give the proofs just for cases 1, 2, 7 and 8.

Case 1. In this case $S = S_1 \circ (x.\ e_2)$, $e = v \in \mathrm{Val}$, $\vec a_1 = \vec a$, and $e_1 = e_2[v/x]$, for some $e_2$ and $v$. For (B.3) to hold, by definition of $\widehat{E}$ it must be the case that $S' = S'_1 \circ (x.\ e'_2)$ for some $S'_1$ and $e'_2$ with
$$\{x : \tau\} \vdash_w e_2 \mathrel{E} e'_2 : \tau_2 \quad (B.8)$$
$$\emptyset \vdash_w S_1 \mathrel{\widehat{E}} S'_1 : \tau_2 \to \tau' \quad (B.9)$$
for some type $\tau_2$. Since $e = v$ is a value, applying Lemma B.1(iv) to (B.4) we get $e' = v'$ for some $v' \in \mathrm{Val}$. So since $E$ is substitutive (Lemma B.1(i)), from (B.4) and (B.8) we get
$$\emptyset \vdash_w e_2[v/x] \mathrel{E} e'_2[v'/x] : \tau_2 . \quad (B.10)$$
Applying the induction hypothesis (B.2) to (B.9), (B.10), (B.5) and to (B.7), we get $\langle \vec a, S'_1, e'_2[v'/x]\rangle\downarrow$; hence $\langle \vec a, S'_1 \circ (x.\ e'_2), v'\rangle\downarrow$, that is, $\langle \vec a, S', e'\rangle\downarrow$, as required.

Case 2. In this case $e = \mathrm{let}\ x = e_1\ \mathrm{in}\ e_2$, $\vec a_1 = \vec a$ and $S_1 = S \circ (x.\ e_2)$ for some $e_2$. For (B.4) to hold, by definition of $\widehat{E}$ it must be the case that $e' = \mathrm{let}\ x = e'_1\ \mathrm{in}\ e'_2$ for some $e'_1$, $e'_2$ and $\tau_1$ with
$$\emptyset \vdash_w e_1 \mathrel{E} e'_1 : \tau_1 \quad (B.11)$$
$$\{x : \tau_1\} \vdash_w e_2 \mathrel{E} e'_2 : \tau . \quad (B.12)$$
From (B.3) and (B.12) we get $\emptyset \vdash_w S \circ (x.\ e_2) \mathrel{\widehat{E}} S' \circ (x.\ e'_2) : \tau \to \tau'$; and the induction hypothesis (B.2) applied to this, (B.11), (B.5) and (B.7) gives $\langle \vec a, S' \circ (x.\ e'_2), e'_1\rangle\downarrow$. Hence $\langle \vec a, S', \mathrm{let}\ x = e'_1\ \mathrm{in}\ e'_2\rangle\downarrow$, that is, $\langle \vec a, S', e'\rangle\downarrow$, as required.

Case 7. In this case $\tau = \mathrm{atm}$, $e = \mathrm{fresh}()$, $\vec a_1 = \vec a < a$, $S_1 = S$ and $e_1 = a$, for some atom $a \notin w$. For (B.4) to hold, by definition of $E$ it must be the case that $e' = \mathrm{fresh}()$. Now Lemma B.2(iii) applied to (B.3) gives $\emptyset \vdash_{w \cup \{a\}} S \mathrel{\widehat{E}} S' : \tau \to \tau'$; and Lemma B.1(ii) gives $\emptyset \vdash_{w \cup \{a\}} a \mathrel{E} a : \mathrm{atm}$. Applying the induction hypothesis (B.2) to these two facts, $\mathrm{atom}(\vec a < a) = w \cup \{a\}$ and (B.7) gives $\langle \vec a < a, S', a\rangle\downarrow$. Hence $\langle \vec a, S', \mathrm{fresh}()\rangle\downarrow$, that is, $\langle \vec a, S', e'\rangle\downarrow$, as required.

Case 8. In this case $\tau = \mathrm{atm} * \tau_1$, $e = \mathrm{unbind}\ «a»v$, $\vec a_1 = \vec a < a_1$, $S_1 = S$, and $e_1 = (a_1, v\{a_1/a\})$, for some $\tau_1$, $a$, $v$ and $a_1$ with $a_1 \notin w$.
F or (B.4) to h old, b y definition of E it m us t b e the case that e ′ = un bin d « a ′ » v ′ with either (a): a = a ′ ∧ ∅ ⊢ w v E v ′ : τ 1 or (b): ∃ a ′′ / ∈ w. ⊢ w ∪{ a ′′ } v { a ′′ /a } ∼ = v ′ { a ′′ /a } : τ 1 (B.13) If (B.13)(a) holds, then as in the pro of of Lemma A.5 we no w app eal to the easily v erified f act that s in ce a 1 / ∈ w ⊇ atom( v , v ′ ) , the renamed v alues v { a 1 /a } and v ′ { a 1 /a } are resp ectiv ely equal to the p ermuted v alues ( a a 1 ) · v and ( a a 1 ) · v ′ (where ( a a 1 ) denotes the p erm u tation swapping a and a ′ ). Therefore from th e fact that ∅ ⊢ w v E v ′ : τ 1 holds, from parts (i) and (ii) of Lemma B.2 we get ∅ ⊢ w ∪{ a 1 } v { a 1 /a } E v ′ { a 1 /a } : τ 1 . T hen since a = a ′ , by Lemma B.1(ii) we h av e ∅ ⊢ w ∪{ a 1 } ( a 1 , v { a 1 /a } ) E ( a 1 , v ′ { a 1 /a ′ } ) : atm ∗ τ 1 . Applying th e indu ction hypothesis (B.2) to this, (B.3) (we ake n ed us ing Lemma B.2(iii)), atom( ~ a < a 1 ) = w ∪ { a 1 } and (B.7) yields h ~ a < a 1 , S ′ , ( a 1 , v ′ { a 1 /a } ) i↓ with a 1 / ∈ ato m ( ~ a ) . Therefore by d efinition of ↓ , w e also hav e h ~ a, S ′ , unbind « a ′ » v ′ i↓ . GENERA TIVE UNBINDING OF NAMES 33 If (B.13)(b) h olds, th en b y Theorem 4.4, so do es ⊢ w ∪{ a ′′ } ( a ′′ , v { a ′′ /a } ) ∼ = ( a ′′ , v ′ { a ′′ /a } ) : atm ∗ τ 1 (B.14) Lemma 3.2 applied to (B.7) with π = ( a 1 a ′′ ) giv es h ~ a < a ′′ , S, ( a ′′ , v { a ′′ /a } ) i↓ n . Combining this with (B.3) (w eak ened u sing Lemma B.2(iii)), ∅ ⊢ w ∪{ a ′′ } ( a ′′ , v { a ′′ /a } ) E ( a ′′ , v { a ′′ /a } ) : atm ∗ τ 1 (b y Lemma B.1(ii)), atom( ~ a < a ′′ ) = w ∪ { a ′′ } and th e induction hyp othesis (B.2), w e get h ~ a < a ′′ , S ′ , ( a ′′ , v { a ′′ /a } ) i↓ . T hen by definition of ∼ = , from this and (B.14) w e get h ~ a < a ′′ , S ′ , ( a ′′ , v ′ { a ′′ /a } ) i↓ with a ′′ / ∈ ~ a . T herefore as b efore, b y definition of ↓ , w e also ha ve h ~ a, S ′ , unbind « a ′ » v ′ i↓ . 
So in either case in (B.13), since e ′ = un bin d « a ′ » v ′ , we get h ~ a, S ′ , e ′ i↓ , as r equired. This completes the pro of of Lemma B.3 . W e can now complet e the pro of of Prop osition 5.7. F or an y t yp e τ ∈ Typ , supp ose w e are giv en closed, well -t yp ed atom b inding v alues ∅ ⊢ « a » v : τ bnd and ∅ ⊢ « a ′ » v ′ : τ bnd with atom( a, v , a ′ , v ′ ) ⊆ w and satisfying ⊢ w ∪{ a ′′ } v { a ′′ /a } ∼ = v ′ { a ′′ /a ′ } : τ (B.15) for some atom a ′′ / ∈ w . By d efi n ition of E th is implies ∅ ⊢ w « a » v E « a ′ » v ′ : τ bnd . (B.16) F or any w ′ , ~ a , S , and τ ′ with atom( ~ a ) = w ′ ⊇ w ∪ atom( S ) and ∅ ⊢ S : τ → τ ′ , we ha v e ∅ ⊢ w ′ S b E S : τ → τ ′ (B.17) b y Lemma B.1(iii) and ∅ ⊢ w ′ « a » v E « a ′ » v ′ : τ b n d (B.18) b y Lemma B.2(ii) app lied to (B.16). So Lemma B.3 applied to (B.17), (B.18) and atom( ~ a ) = w ′ , w e ha ve h ~ a, S, « a » v i↓ ⇒ h ~ a , S, « a ′ » v ′ i↓ . Since ∼ = is symmetric, th e s ame argument sho ws that (B.15) implies h ~ a, S, « a ′ » v ′ i↓ ⇒ h ~ a, S, « a » v i↓ . Th us (B.15) implies that « a » v and « a ′ » v ′ are op erationally equ iv alen t, as requir ed . This wo rk is licensed under the Creative Commons Attribution-NoDerivs License. T o view a copy of this l i cense, visi t http://cr eativecommons.org/licenses/by-nd/2.0/ or send a letter to Creative Commons, 559 Nathan Abbott Wa y , Stanford, California 94305 , USA.
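The machine steps that the proof of Lemma B.3 analyses (cases 1, 2, 7 and 8 of the transition relation) together with the "renaming equals swapping when the new atom is fresh" fact used in case 8, as an added Python example; it is not code from the paper. The tuple encoding of terms, the deterministic fresh-atom supply, and the assumption that pair components and the argument of unbind are already values are choices of this example, not of the paper.

```python
# Added example (not the paper's code): a small abstract machine for configurations
# <~a, S, e> of Figure 5, covering cases 1, 2, 7 and 8 used in Lemma B.3.  Terms are
# constructed tuples: values ('atom', a) | ('pair', v, v') | ('bind', a, v)  [a, (v,v'), «a»v];
# expressions ('var', x) | ('fresh',) | ('unbind', bind_value) | ('let', x, e1, e2).

def atoms(t):  # atom(t): the finite set of atom names occurring in t (bound ones included)
    own = {t[1]} if t[0] in ('atom', 'bind') else set()
    return own.union(*(atoms(s) for s in t[1:] if isinstance(s, tuple)))

def _map_atoms(f, t):
    """Apply f to every atom name in t; variable names are left untouched."""
    head = (t[0], f(t[1])) if t[0] in ('atom', 'bind') else (t[0],)
    return head + tuple(_map_atoms(f, s) if isinstance(s, tuple) else s for s in t[len(head):])

def swap(a, b, t):
    """Permutation action (a b) . t: exchange atoms a and b throughout t."""
    return _map_atoms(lambda c: b if c == a else a if c == b else c, t)

def rename(a, b, t):
    """Renaming t{b/a}; it coincides with swap(a, b, t) exactly when b is not in atoms(t)."""
    return _map_atoms(lambda c: b if c == a else c, t)

def subst(x, v, e):
    """e[v/x]: substitute value v for variable x (assumes bound variable names are distinct)."""
    if e[0] == 'var':
        return v if e[1] == x else e
    return (e[0],) + tuple(subst(x, v, s) if isinstance(s, tuple) else s for s in e[1:])

def fresh_atom(used):  # deterministic supply of an atom not in ~a (pigeonhole: one exists)
    return next(f'n{k}' for k in range(len(used) + 1) if f'n{k}' not in used)

def run(atom_list, stack, e):
    """Run <~a, S, e> to termination; stack is S as a list of (x, e2) frames, innermost last."""
    atom_list, stack = list(atom_list), list(stack)
    while True:
        if e[0] in ('atom', 'pair', 'bind'):
            if not stack:
                return atom_list, e                    # terminal configuration <~a, Id, v>
            x, e2 = stack.pop()                        # Case 1: hand the value to the top frame
            e = subst(x, e, e2)
        elif e[0] == 'let':                            # Case 2: push frame, evaluate the rhs
            stack.append((e[1], e[3])); e = e[2]
        elif e[0] == 'fresh':                          # Case 7: extend ~a with a new atom
            a = fresh_atom(atom_list); atom_list.append(a); e = ('atom', a)
        else:                                          # Case 8: generative unbinding of «a»v
            _, a, v = e[1]
            a1 = fresh_atom(atom_list); atom_list.append(a1)
            e = ('pair', ('atom', a1), rename(a, a1, v))   # (a1, v{a1/a}) with a1 not in ~a
```

Running `unbind` on two alpha-equivalent binders from the same atom list yields identical results, which is the observation Proposition 5.7 generalises; the side condition on `rename` versus `swap` fails as soon as the target atom already occurs in the value.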